Here’s a tale that’s sure to make you watch which web links you click on your smartphone: researchers from security firm CrowdStrike have found a way to wrest control of your smartphone away from you via a single bad web link. At last month’s RSA security conference, George Kurtz demonstrated before a packed audience how he and his colleagues took control of an Android smartphone via one bad link masquerading as a firmware update from his carrier. Once he clicked on the link, a small program downloaded onto his device and rebooted it, and from then on, he and his colleagues had complete control of the device, without the owner being aware.
They’re able to do this via bugs in the component of Android’s browser that’s present in both the 2.2 and 2.3 versions of the mobile OS. If BlackBerry and iOS owners think they’re in the clear, think again: WebKit, the browser component that was exploited, is also at the core of the Web browsers found in Apple’s iPhone and iPad devices, BlackBerry phones, and Google’s TV devices.
Kurtz said that to prevent attacks like these, mobile providers and OS developers need to release updates more frequently to patch possible security holes. Preventing a massive data breach like this also falls to users, who should not click on every link that lands on their mobile device, lest it be the opening that people who want to spy on you are waiting for.
Source: Technology Review