Security on Android remains its weakest point. All too often, problems and issues arise that undermine the protection of users and their data.
A new flaw has recently been discovered that lets you install apps on your smartphone just by being close to the attacker. The flaw is in Android Beam and Google has already fixed it, so it’s time to update all smartphones.
New security hole affects Android
This new problem arose from an area where it was not expected. NFC file and document sharing on Android is the point of attack, leaving any user vulnerable. This is usually controlled, but there is a flaw.
With the proximity required from Android Beam, any attacker can install apps on Android smartphone. Just this is version 8 or later and the user has active NFC sharing. This is the simple scenario, which makes the device even more vulnerable.
Simple to install apps via NFC but it makes device vulnerable without the updates
The key flaw comes promptly with Google’s noticeable change to the compatible app installing permissions system from external sources. Until version 8 this was global and promptly changed to a specific permission application. Google normally authorizes Beam on Android, this is where the problem lies.
Thus, as noted above, proximity is sufficient for an attacker to connect via NFC and install apps. These apps can then behave maliciously and directly attack user data from within the smartphone.
Time to update your smartphone
Google immediately resolved the issue and has a fix. This comes in the October security update and should be installed as soon as possible. It is up to the manufacturers to make it available.
It is, however, here that the problem resides again. Even with indications from Google, many manufacturers insist on delaying these updates. There are many cases where they simply do not arise. Fragmentation is, and will be for a long time, Android’s biggest problem.