Security researchers warn that 86 percent of Android smartphones are vulnerable and can be easily accessed by hackers.
The Google-owned Android mobile OS has long been criticized for being vulnerable to hacking. Malware, viruses and spyware are drawn to the most dominant mobile OS because it is open source. A new report from IBM security researchers says that 86 percent of Android smartphones are not secure and attackers can easily access highly sensitive information stored on the devices.
The Android KeyStore, a highly sensitive region of Android for storing cryptographic keys and other credentials, is the most vulnerable to attacks, IBM researchers noted in an advisory published last week. By exploiting the bug in the Android KeyStore, attackers can leak keys used by banking and other sensitive apps, VPN services, fingerprint patterns or device PINs and patterns.
The research team notified Google's Android Security Team of the flaw in September last year and the team fixed it in a patch available in KitKat in November. While Android users running version 4.4 KitKat are unaffected by the bug, other OS versions including Jelly Bean, Gingerbread, Ice Cream Sandwich and Froyo are exposed. Android KitKat accounts for just 13.6 percent, while the remaining versions power 86.4 percent of all Android smartphones, according to Google's data.
Even though most Android users are at high risk of being hacked, it is not easy to exploit the bug to take advantage of the users' data. Attackers rely on an app installed on a vulnerable handset to get past other security layers put in place by Android. But as the bug resides in the Android KeyStore, it poses an extreme threat to users.
If the phone's KeyStore is compromised, attackers can gain access to the phone and log in to any service. The ability to perform cryptographic operations lets an attacker generate RSA keys, sign and verify on behalf of the smartphone owner, Pau Oliva, senior mobile security engineer at viaForensics, told Ars Technica.
This is a safety call for users who manage financial transactions from mobile phones to verify apps before installing them and to avoid downloading apps from third-party app markets as far as possible.