By Tom Paye
Palo Alto releases figures around security vulnerabilities in Android 4.0
Over 178m Android-powered smartphones in the Middle East and Africa are potentially vulnerable to attack, according to new research published by Palo Alto Networks.
In a report designed to raise awareness over the risks associated with using the Android operating system, Palo Alto worked out the number of Android devices being used in the MEA region, along with what percentage of those would be at risk, to come to the conclusion.
The reason these phones are at risk is due to the ease with which attackers can penetrate Android apps, Palo Alto said. Android Internal Storage is a protected area that Android-based applications use to store private information, including usernames and passwords.
But Palo Alto Networks research has revealed that an attacker may be able to steal sensitive information from most of the applications on an Android device using the Android Debug Bridge (ADB) backup/restore function.
Most of the security enhancements added by Google to prevent this type of attack can be bypassed, Palo Alto said.
In terms of the number of phones at risk of such an attack, Palo Alto said that, in the MEA region, Android has the largest market share of all mobile platforms - around 40%. Of these, anyone using version 4.0 of Android - around 85% - is potentially vulnerable. Of the estimated 525.8m mobile users in the region, this amounted to over 178m phones at risk, Palo Alto said.
However, the vendor admitted that, to use ADB, an attacker would need physical access to the device, whether borrowing or stealing it from the user.
In the event of an attack, however, Palo Alto said the consequences would be dire: Over 94 percent of popular Android applications, including pre-installed email and browser applications, use the backup system, meaning users are vulnerable, the vendor explained.
Many Android applications will store user passwords in plain text in Android Internal Storage, meaning almost all popular e-mail clients, FTP clients and SSH client applications are vulnerable, Palo Alto added.
"We encourage users to be aware and Google to take a closer look at this storage weakness in Android. Given Android's place as the region's most popular mobile operating system, millions of users are potentially at risk here in the Middle East and Africa," said Saeed Agha, general manager for the Middle East at Palo Alto Networks.
Apple funded research??