Security researchers at Bluebox Labs have discovered a new vulnerability in Android called Fake ID that lets malicious applications mimic the digital identity of a trusted app, giving them the ability to steal sensitive financial data or even take complete control of your device.
According to Bluebox, the vulnerability has been present in Android since the January 2010 release of Android 2.1, so if you’re currently using an Android device, it’s likely affected in one way or another. It is not believed that the vulnerability has yet been exploited.
Because of the fragmented nature of the Android operating system, Google will first need to provide a fix for Fake ID to your phone manufacturer, which will then need to develop its own firmware update to deliver to carriers. Some of these patches have already been released, so be sure to update your device immediately when a patch becomes available. Note that you may have to manually check for an update by visiting Settings -> About -> System Updates.
Certain anti-malware apps, such as Norton Mobile Security and Norton 360 Multi-Device, already protect against the Fake ID vulnerability. If you haven’t taken the time to download mobile security software onto your Android device, now would be a good time to do so. You can check out our mobile security guide for more information.
You can learn more about the Android Fake ID vulnerability by visiting the Bluebox Security blog.