New threats ahead, warns security researcher
By Nick Heath
Published: 14 October 2008 12:20 GMT
Google's mobile operating system Android could spell the advent of new security threats, according to security experts.
Senior staff at security company Symantec warned that the open nature of the OS could see Android's users exposing themselves to malicious applications.
The OS could also expose users to new types of fraud, such as apps that fool the handset into texting premium rate numbers, Symantec threat researcher Candid Wuest said.
Google released the first version of the Android SDK earlier this year, allowing developers to write their own apps for the platform - apps which will be fully integrated with the OS itself.
Speaking to silicon.com at the Symantec Vision + ManageFusion EMEA 08 conference last week, Wuest said: "It is an open source approach and there are going to be some tough ones.
"If somebody can reach the whole OS then there is nothing stopping you from writing a new text message driver that every time you send a text message, it sends one to a premium high cost number."
Speaking at a recent roundtable discussion in London, Symantec COO Enrique Salem agreed that the open nature of the OS will present new vulnerabilities for users.
"Absolutely, any application development platform has to be secured in some fashion. You have to have the ability to scan and determine what is a trusted application," he said.
"People will decide what they want to use based on whether they trust the creator of the application - that's one of the risks.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
"At the end of the day it's hard for them to vet everybody who posts an app. That's where we have to come in to do some scanning."
He said Google should consider implementing a system where users have to confirm multiple times before installing apps or updates to make sure they are aware of what software they are loading onto their phones.
A Google spokesperson said users will have to take care about which apps they download to Android handsets: "As an open platform, Android allows users to load software from any developer onto a device.
"As with a home PC, the user must be aware of who is providing the software they are downloading and must decide whether they want to grant the application the capabilities it requests.
"This decision can be informed by the user's judgement of the software developer's trustworthiness, and where the software came from."
J2ME would be good.iphone or android development. You will need to have experience of applications on the app store. Then please get in touch with ...
Our Client is an iPhone app development agency based in central London. X development experience with proven track record of success (eg ...
Experience of creating apps with Google Android - if these apps are live more the better, although our client will consider "bedroom" developers too. ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Natasha Lomas Exclusive: Jimmy Wales on what's next for Wikipedia Why Wikipedia needs geeks and why a life unplugged is unthinkable
Peter Cochrane Peter Cochrane's Blog: United breaks guitars? Customer service has changed forever