{"id":2707,"date":"2016-01-20T12:39:05","date_gmt":"2016-01-20T04:39:05","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=2707"},"modified":"2016-01-20T12:39:05","modified_gmt":"2016-01-20T04:39:05","slug":"android-vulnerabilities-in-2016","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/","title":{"rendered":"Android Vulnerabilities: What to watch for in 2016"},"content":{"rendered":"

The Number of Android Vulnerabilities Will Continue to Rise in 2016<\/h2>\n

2015 was quite a year for mobile security. The number of known threats and Android vulnerabilities jumped by more than 30%, and the world learned that even the mighty iPhone could be hacked. 2016 will be even more active and most industry analysts believe hackers will be targeting Android devices more than any other device or computer class.<\/p>\n

The spotlight on Android vulnerabilities reminds me of a what the famous American bank robber Willie Sutton said when asked why he robs banks. His answer? “Because that’s where the money is…” So it goes with Android security. It is targeted by hackers,\u00a0because ‘that’s where the vulnerabilities are…”<\/p>\n

In the past week alone, security researchers in different companies have found 2 MAJOR zero-day vulnerabilities in Android. One is an update of the\u00a0Android.Bankosy<\/a> financial Trojan which lets malware steal passwords from voice call-based two-factor authentication.<\/p>\n

Writes Symantec: \u201cOnce installed, the malware opens a backdoor that enables unconditional call forwarding and silent mode on the device so the victim is not alerted during incoming calls. \u201cOnce this is set, the attacker \u2014 who has already stolen the victim\u2019s credentials (the first factor in two-factor authentication) \u2014 can steal authorisation tokens from voice calls and initiate a fraudulent financial transaction.\u201d<\/p>\n

Wow. So much for the power of 2-Factor authentication.<\/p>\n

The second major Android security issue became known 5 days ago thanks to the work of the security firm Perception Point. This is a Linux kernel weakness but note also that Android is built upon the Linux kernel. At risk are nearly 70 million Android devices around the world. According to Perception Point, the vulnerability was introduced in kernel version 3.8, which was released in Feb. 2013. This weakness allows malware that can be injected by a website to gain root access to the device. Once the malware has root access it can control every part<\/span> of the device.<\/p>\n

2016 will be a tough year for Android. As more and more devices implement SELinux expect to see more and more kernel android vulnerabilities in 2016.\u00a0And be wary, even when updates and patches are created, they often don’t make their way to the affected device. Additionally, Google is dropping support for Android below the 4.4 version. About 35% of existing Android devices are older than 4.4.<\/p>\n

No wonder CIOs, CISOs, and CTOs are worried about the ‘bring your own device’ to work reality we all now live in. The threat isn’t limited to Android devices, though.<\/p>\n

Remember the ‘AirDrop’ vulnerability of 2015? This was an iOS vulnerability that made it possible for a hacker to send and install malware on any device within range: even if the user tried to block the file by changing his\/her AirDrop settings on iOS.\u00a0Expect to see more and more jailbreaks and iOS kernel exploits in iOS 9.2 and 9.3, coming in 2016.<\/p>\n

Stay vigilant.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Number of Android Vulnerabilities Will Continue to Rise in 2016 2015 was quite a year for mobile security. The number of known threats and Android vulnerabilities jumped by more than 30%, and the world learned that even the mighty iPhone could be hacked. 2016 will be even more active and most industry analysts believe […]<\/p>\n","protected":false},"author":2,"featured_media":2715,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[209,210],"class_list":["post-2707","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-android","tag-android-vulnerabilities"],"yoast_head":"\nAndroid Vulnerabilities: What to watch for in 2016 - BankVault<\/title>\n<meta name=\"description\" content=\"Expect hackers to find and exploit more and more Android vulnerabilities and iOS kernel vulnerabilities in 2016.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android Vulnerabilities: What to watch for in 2016 - BankVault\" \/>\n<meta property=\"og:description\" content=\"Expect hackers to find and exploit more and more Android vulnerabilities and iOS kernel vulnerabilities in 2016.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/\" \/>\n<meta property=\"og:site_name\" content=\"BankVault\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/BankVaultOnline\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-01-20T04:39:05+00:00\" \/>\n<meta name=\"author\" content=\"BankVault\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:site\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BankVault\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Android Vulnerabilities: What to watch for in 2016 - BankVault","description":"Expect hackers to find and exploit more and more Android vulnerabilities and iOS kernel vulnerabilities in 2016.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/","og_locale":"en_US","og_type":"article","og_title":"Android Vulnerabilities: What to watch for in 2016 - BankVault","og_description":"Expect hackers to find and exploit more and more Android vulnerabilities and iOS kernel vulnerabilities in 2016.","og_url":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/","og_site_name":"BankVault","article_publisher":"https:\/\/www.facebook.com\/BankVaultOnline\/","article_published_time":"2016-01-20T04:39:05+00:00","author":"BankVault","twitter_card":"summary_large_image","twitter_creator":"@bankvaultonline","twitter_site":"@bankvaultonline","twitter_misc":{"Written by":"BankVault","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#article","isPartOf":{"@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/"},"author":{"name":"BankVault","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639"},"headline":"Android Vulnerabilities: What to watch for in 2016","datePublished":"2016-01-20T04:39:05+00:00","dateModified":"2016-01-20T04:39:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/"},"wordCount":482,"commentCount":0,"publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"image":{"@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#primaryimage"},"thumbnailUrl":"","keywords":["android","android vulnerabilities"],"articleSection":["IT security news"],"inLanguage":"en-AU","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/","url":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/","name":"Android Vulnerabilities: What to watch for in 2016 - BankVault","isPartOf":{"@id":"https:\/\/www.bankvault.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#primaryimage"},"image":{"@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#primaryimage"},"thumbnailUrl":"","datePublished":"2016-01-20T04:39:05+00:00","dateModified":"2016-01-20T04:39:05+00:00","description":"Expect hackers to find and exploit more and more Android vulnerabilities and iOS kernel vulnerabilities in 2016.","breadcrumb":{"@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/"]}]},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/www.bankvault.com\/android-vulnerabilities-in-2016\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bankvault.com\/"},{"@type":"ListItem","position":2,"name":"Android Vulnerabilities: What to watch for in 2016"}]},{"@type":"WebSite","@id":"https:\/\/www.bankvault.com\/#website","url":"https:\/\/www.bankvault.com\/","name":"BankVault","description":"cybersecurity","publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bankvault.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/www.bankvault.com\/#organization","name":"BankVault","url":"https:\/\/www.bankvault.com\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","contentUrl":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","width":1212,"height":275,"caption":"BankVault"},"image":{"@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/BankVaultOnline\/","https:\/\/x.com\/bankvaultonline"]},{"@type":"Person","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639","name":"BankVault","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"BankVault"},"url":"https:\/\/www.bankvault.com\/author\/bankvault\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/2707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/comments?post=2707"}],"version-history":[{"count":0,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/2707\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/media?parent=2707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/categories?post=2707"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/tags?post=2707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}