SoylentNews is people
SoylentNews
from the the-only-way-to-be-secure-is-not-to-network dept.
Security researchers of the security group at the Free University of Amsterdam found a hole in Android. The scoop in Dutch - news is 10hrs old at time of writing, I didn't find an English source yet. Heck, the university hasn't even put out a press release, even though this is currently making a splash in the Dutch news.
In short, the researchers hacked the user's (desktop) browser and then installed (via this browser) a malicious app on the phone.This gave them basically full control over the phone: turning camera on/off, replacing installed apps with malicious versions, intercepting text messages, etc. In fact, they used this to reduce a common version of two-factor authentication (know password and have phone) to only one factor: they managed to intercept verification codes (text messages) sent by a bank.
The problem is not in a specific version of Android, but in the deep integration between Google's websites and Android. Google has been made aware of the problems late 2014, but has yet to publicly reply.
Original Submission
(Score: 0) by Anonymous Coward on Monday June 29 2015, @09:16AM
So, I guess I'm safe.
While some people were telling me that I wouldn't be able to use an Android tablet without a Google account, I have not have not found the need for one. F-droid has more software to choose from than the Microsoft store (I came from a Microsoft tablet), and app developers have three links - Apple Store, Google Play, Download APK.
As I read the summary, this exploit will not work without a Google account, in which case I'm safe.