Yet more Android vulnerabilities discovered – 10m users potentially affected

Following news earlier this month that budget Android phones had been pre-installed with malware, another story about Android vulnerabilities emerges.

According to a report by Palo Alto Networks, a backdoor known as ‘CoolReaper’ has been discovered in the software that powers at least 24 models made by Coolpad, the Chinese smartphone manufacturer. The flaw allows hackers to download and install software – including malware – without the user’s permission.

So far, CoolReaper has affected only users in China, but as Coolpad’s global market share – currently 3.7% – grows, the vulnerability will present an increasing threat to users worldwide. In China, Coolpad devices already outsell Apple and Samsung products, and the company aims to have sold 60 million phones worldwide by the end of 2014.

Palo Alto Networks’ report says:

“We do not know how many Coolpad devices contain the CoolReaper backdoor. Considering that CoolReaper appears to have been developed and embedded into 24 phone models in the last 12 months, and the Coolpad sales targets published by IDC, it’s possible that over 10m users have been affected.”

BYOD implications

The CoolReaper vulnerability is the latest in a long line of security issues affecting Android phones. According to a report from Cisco, “when mobile malware is intended to compromise a device, 99 percent of all encounters target Android devices”.

If your organisation supports BYOD (bring your own device), your corporate data could be at risk. A BYOD policy is absolutely essential.

The IT Governance BYOD Policy Template Toolkit provides a complete, customisable BYOD policy and an Acceptable Use Agreement, together with implementation guidance. The toolkit can be used on its own or within any ITGP documentation toolkit.

A BYOD policy is an essential part of an information security management system (ISMS), an enterprise-wide approach to information security as set out in the international best-practice standard, ISO 27001.

Implementing ISO 27001 can be a complicated and time-consuming process. Fortunately, the No 3 Comprehensive ISO 27001:2013 ISMS Toolkit Suite provides organisations with everything they need in order to successfully implement ISO 27001, including four standards, two bestselling guidebooks, and vsRisk™ – the ISO 27001:2013 risk assessment software tool. What’s more, customers who buy this documentation toolkit in December 2014 will receive three hours of Live Online consultancy support for free.
