Jack Wallen introduces you to a must-have
application to protect your Android devices from the new pileup flaw.
application to protect your Android devices from the new pileup flaw.
who can create malware, will create malware -- no matter how sneaky
they have to be to do so. The latest craze is called pileup malware. The
gist of this is a seemingly innocent and harmless piece of software is
installed on your device (even with the stamp of approval from your
malware scanner). The initial install requires little to no permissions,
so it looks perfectly safe. The problem comes when it's time to update
that software. Without needing your approval, the software will upgrade
its own permissions, giving it much more access than it originally had
-- there's the pileup (and the rub). You now have an official piece of
harmful malware on your machine.
This whole process was discovered by researchers at Indiana University. The same team that discovered the pileup process developed an app (called Secure Update Scanner)
that will scan your device for apps that can exploit the pileup flaw.
Effectively, the app is run before you update your device to check if
there are any pileup exploiting apps present. This is a very important
piece of software and should be installed on every one of your Android
devices.
Here's how you install and use this app.
Installation
The installation is as simple as any other app. Just follow these steps:- On your Android device, open the Google Play Store
- Search for Secure Update Scanner
- Locate and tap the entry by System Security Lab
- Tap Install
- Tap Accept
- Allow the installation to complete
Usage
There'svery little required in the usage of Secure Update Scanner. When you
first run the app, you'll get a welcome screen that gives you a simple
breakdown of how the app is used. Tap Okay, I got it, and you'll be
presented with immediate scan results (Figure A).
Figure A
Security Update Scanner running on a Verizon-branded HTC One Max.
Ifthe app locates any apps that exploit the pileup flaw, it will instruct
you how to remove those apps. If it does not find any malicious apps,
it will inform you that it's safe to go ahead with the device update. At
the bottom of the app, you'll a button that will even take you to the
system update window (or, in some devices, to the device information
window).
Security Update Scanner will also inform you of other
vulnerabilities, such as Unknown Sources enabled or installed patches
that could compromise your system.
No one wants to live in a
walled garden -- akin to the iOS App Store system. Having the Google
Play Store open so that it's easy for developers to get their apps into
the Android ecosystem makes for a developer-friendly environment.
Naturally, this causes issues like the pileup flaw to get exploited. So,
Google must step up to ensure functionalities (such as added by apps
like Security Update Scanner) are built into the foundation of the
platform.
If there are flaws, people will exploit them... and
their will be flaws, as no platform is perfect. Fortunately, there are
security labs across the globe locating and protecting/patching these
flaws. Users must also take some responsibility and use their devices
wisely, which includes using security tools, such as Security Update
Scanner, to ensure their platform is secure.
What do you think? Is
the responsibility on Google alone, or do you think end users also need
to be accountable? Share your opinion in the comments below.
No comments:
Post a Comment