• E-mail this page
• |  Print this page
• | 
• | 
• | 

Android SDK Not Secure, Vulnerable To Attack

According to researchers, certain open-source image processing libraries in Google's Android SDK are outdated and can be attacked by hackers. A total of eight vulnerabilities were found by Core Security. Core showed that the weaknesses can result in hackers taking complete control of Android handsets.

Core issued an advisory yesterday, and said, "Several vulnerabilities have been found in Android's core libraries for processing graphic content in some of the most used image formats (PNG, GIF an BMP). While some of these vulnerabilities stem from the use of outdated and vulnerable open-source image processing libraries, others were introduced by native Android code that use them or that implements new functionality."

Losing total control to hackers is a worst-case scenario. But I don't think there's any cause for alarm.

Keep in mind that the Android platform is currently available to developers in a beta release. Even though some hardware vendors have shown off working prototypes using early versions of the code, the final version of Android won't be available until later this year. Neither will handsets. The development community will likely find more weaknesses and bugs in Android before the final build is created.

According to the official Android Developers Blog, Google was aware of the problem, and issued a fix in the latest build of the platform (which was released last month).

Reports like this are going to continue to bubble to the surface as developers dig their fingers into the code. Creating a mobile platform takes time. Finding and fixing bugs is part of the process. The final version of Android will have all the ingenuity and skills of the Linux developer community behind it. That is sure to include rock-solid security.

« Betrayal Of Trust: When An Engineer Lies | Main | Android Is (Or Was) Insecure? Don't Panic »