Each year, we hear security breaches in all the sections of technology. 2014 was no different, there were some of the major security breaches including Sony, U.S. Homeland Security, JPMorgan credit card hack, etc. Android also suffered from many major data breaches which put some of the biggest companies in bad light.
Security breaches are not new, this problem has been increasing the blood pressure of major tech giants for quite some time. Earlier, the security breaches were done to leak the confidential information of customers including credit card information, username, passwords, contact information, private addresses, image s, etc. But in 2014, we saw that the reason behind hacking was not to gain confidential information but to leak the information to the public from government and other such institutions.
Android sector also saw some of the biggest security breaches. Some of the giant Android companies were targeted in 2014, resulting in the breach of user’s private data and information. We have compiled a list of top Android security breaches in 2014, let’s have a look.
Top Android Security Breaches In 2014
Heartbleed bug caused a major panic last year. The Heartbleed bug bypasses the OpenSSL encryption, which normally encrypts data communication between a server and a computer, leaving personal and confidential information exposed to hackers. It was found that this bug had been around for quite some time. Although, no one knows if any confidential information was gained by the hackers via this bug.
Although, Heartbleed was generally associated with computers, Android devices were also susceptible to this attack. It was reveled that Android devices running the 2012 version of Google’s Android OS are susceptible to the bug. Although, Google said that most of the devices were immune to the bug, except some limited device, researchers found that it still covered millions of devices. According to the security experts, vulnerable devices includes phones and tablets from Samsung, HTC and others popular smartphone manufacturers including more than 300 million device.
Although, many device were patched against the flaw, the update cycle is very slow. Not to mention that all the users update their devices that frequently. Thus, many users are still vulnerable to the attack at the moment.
Snapchat is a self destruct kind of messaging service. The main idea behind the app was that the message will self expire automatically after some time. This made the app very popular since the users were able to send self destructible images to each other. This meant that a lots of private images were shared through Snapchat. Hackers were somehow able to get their hands on about one hundred thousands of images and videos which largely included private data from users with age of 13 to 17. Some of these private images and videos were classified under child pornography.
A reddit user found a flaw in Skype which makes eavesdropping like a child’s play. According to the user, under some circumstances, you can place a call without the other user even accepting the call. This means that any user can eavesdrop on any other user. Although, this bug seems to be the how Skype’s Android app connects the calls.
Tinder is an amazing app which allows you to make new friends via your smartphone. This app allows random people to meet with each other and hookup. But somehow, instead of profile of a potential partner, they were redirected to malicious websites which were infected with malwares.
Fake ID Flaw
Bluebox Security, a research company, found a big flaw in how the Android identifies the app developers. They found a way to bypass Android’s signature verification process which means that any malicious Android app could potentially be enabled to run on a user’s device. According to their research,
an attacker can create a malware app and Fake ID to claim that it was created by Adobe. So now when a user installs the app, Android gives the app special access. You can read all about this security threat on the original post.
Android OS update with a bugs
2014 came out with one of the most successful Android OS update, Android 5.0 Lollipop. But, mere hours after the update was released, users started complaining about the bugs. WiFi dropped, audio quality started deteriorating and finally the phone’s audio failed completely.
Fake Android The Interview app
You might have heard of The Interview movie, which has been getting a lot of media attention. So, some spammers have created an app which was designed to steal online banking information. The Interview Android app is pushing an Android Trojan which was identified as Android/Badaccents. Up to date, more than 20,000 were affected and their information was relayed back to a Chinese mail servers.
The app checks the device manufacturers, if its Samjiyon or Arirang smartphone devices, it bypasses infection routines, displaying a failed connection. Otherwise, it tries to steal the banking information. You can find additional information about the fake Android The Interview app here.
Android browser flaw leaks data
Android WiFi leaking location
According to researches conduction by Electronic Frontier Front (EFF), some Android devices running Android 3.1 Honeycomb or later broadcasts the name of last 15 WiFi, the device was connected with. The main problem was that the device leaks the WiFi names even when the device’s screen was off. This bug was a feature found in Android 3.1 and later, known as Preferred Network Offload (PNO). This feature was designed to help devices to connect to WiFi even in a low power state. This issue could have been serious if the WiFi network has reveling names such as your home, restaurant, hotels, etc names where you have been recently.
Also this bug was not just confined to Android device, many OS X and Windows 7 laptops were found to be affected with this bug. Although EFF doesn’t consider it much of a threat, since users generally roam around with laptops.
A bug was found which could breach the data of the users, but it the bug was found just in time. Only one user’s data was compromised, who was informed by the way and no financial information was leaked. In the following update, Spotify fixed the bug and the whole issue was resolved.
These were some of the top Android Security Breaches in 2014. What do you think about these breaches? Did we miss something? Please review in the comments section.