Security researchers have uncovered a flaw in Google's Android operating system that could theoretically be exploited by hackers to break devices so they are beyond repair.
The vulnerability was spotted by independent researcher Ibrahim Balic, who reported uncovering the flaw in a blog post. Trend Micro mobile threat analyst Veo Zhang later confirmed that the flaw is exploitable.
"We believe that this vulnerability may be used by cyber criminals to do some substantial damage on Android smartphones and tablets, which include bricking a device, or rendering it unusable in any way. In this context, the device is bricked as it is trapped in an endless reboot," he wrote in a blog post.
The vulnerability reportedly means hackers could build a Trojanised application to target any Android device, including those running newer 4.0 versions and above.
Trend Micro senior threat researcher David Sancho told V3 the company is yet to see evidence that hackers are actively exploiting the flaw but said the early disclosure by Balic could have alerted criminals to the flaw.
"Trend Micro has not seen evidence of exploitation at this moment. [But] as with every new vulnerability, this is no guarantee about the future. In fact, describing a new vulnerability might cause new attempts of exploitation."
He added that the flaw is particularly dangerous as it could be used by advanced hackers for a variety of purposes, outside of basic sabotage. "A possible use would be to destroy evidence that the device has been hacked by forcing a device reinstall," he said.
The danger posed by disclosing new flaws to the general public has been a constant issue within the security community.
In an interview with V3 in February, Paul Ducklin, senior security analyst at Sophos, said that future patches to Windows Vista, 7 and 8 could point hackers to vulnerabilities in Windows XP once Microsoft ceases support for it on 8 April.