Google Fixes Two Android DoS Bugs
8:14 PM EST Mon. Oct. 12, 2009
Google released patches repairing two security flaws in its Android mobile operating system that enabled hackers to launch denial-of-service attacks on users' smartphones.
The flaws, made public by the Open Source Computer Emergency Response Team (oCERT), affected Android version 1.5.
One of the most serious security vulnerabilities occurs in the way Android handles SMS messages. Hackers can create a malformed SMS message from a badly formatted WAP Push message, which, in turn, could trigger a mobile phone to disconnect from the cellular network, oCERT reports in a security advisory.
Hackers could launch a DoS attack by creating a malicious application, which would then be sent to the user's mobile device, typically through some kind of social engineering scheme. The malware would subsequently trigger the affected API function and cause a system restart once users opened and downloaded the application.
"The same condition could occur if a developer unintentionally places the vulnerable function in a place where the execution path leads to that function call. Triggering this bug is considered a DoS condition," oCERT said in its advisory.
The Google Android OS is primarily used on consumer smartphones, but is starting to gain ground in the enterprise space.
Android gained some steam -- and credibility -- after numerous cell phone makers and wireless carriers recently announced plans to launch handsets built around the open source platform.
Altogether, the Google Android OS is the driving force behind nine devices with 32 carriers in 26 countries, according to The Wall Street Journal. While Android has made clear strides on the consumer front, its steady emergence as a viable enterprise platform has also made it an increasingly attractive target for hackers.