If you have an Android 2.2 or 2.3 based smartphone, that device could be vulnerable to an attack which could cause the device to be placed under the control of outside users. That's the claim, anyway, from a newly revealed software security firm called CrowdStrike. The company says it has found a flaw in Google's mobile OS that could allow for such an attack to happen.
Reuters reports that, according to CrowdStrike, an attacker can simply send an email to an Android-based smartphone with a link embedded in the email. If a person clicks on the link, the smartphone gets hit with the attack. CrowdStrike claims the now infected phone can be accessed remotely by the attacker for listening in to phone calls or tracking the location of the phone.
Dmitri Alperovitch, the co-founder of CrowdStrike, states:
With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices.
CrowdStrike plans to demonstrate how this Android flaw works at a computer software conference next week. The attack currently works on Android 2.2-based phones but CrowdStrike claims it will be able to demonstrate how to launch a similar attack via a bug on Android 2.3-based phones by next week as well. Google has not yet commented on CrowdStrike's claims.