Malicious hackers have slapped a bull’s-eye on the back of Android OS. Google’s OS was the target of 75 percent of all mobile malware during Q1 2012, according to F-Secure.
Most Android smartphone and tablet users probably know this. What they might not know, however, is whether their particular device is vulnerable. X-Ray, Duo Security’s free app, aims to resolve that mystery.
Once installed, the app quickly scans your Android phone or tablet, checking to see if it’s exposed to any of eight common Android OS vulnerabilities. The app is only available for downloading from X-Ray’s download page, not from the Google Play Store market. This means that, ironically, you must allow your Android device to install apps from unknown, non-Google Play store sources—which can put your device at risk if you’re not careful.
To enable your device to install X-Ray, go to Settings – Applications and then check the box next to “Unknown sources.” After installing and running X-Ray, you might want to go back and uncheck that box.
I ran X-Ray on both of my Android devices: the Samsung Galaxy Note, on which I have Android 2.3.6 installed, and Samsung’s Galaxy Tab 8.9, which uses Android 3.2. X-Ray’s scans detected that both devices were vulnerable to the Gingerbreak exploit.
What is Gingerbreak, exactly? “A commonly-abused vulnerability in the wild by Android malware, Gingerbreak affects the Android volume manager (vold) via, you guessed it, the same Netlink issue as Exploid,” explains the X-Ray app, adding that “badness ensues.”
I doubt the average Android user will know what the heck that means. Let me translate: Gingerbreak is a vulnerability through which malware can be installed on your device without your knowledge. The Gingerbreak exploit gives bad guys complete access to a device’s text messages, phone calls, data, and more.
Example: Angry Birds Space, when downloaded from unofficial app stores and not Google’s Play Store, has reportedly contained malicious files that, in essence, can give malicious hackers control over your device. These shenanigans are made possible because of a Trojan horse that uses the Gingerbreak exploit to install malicious code.
So now what? Unfortunately, X-Ray simply pulls the fire alarm; it doesn’t put out the fire. Instead, it offers next-step suggestions, which may be helpful for some but, for less tech-savvy users, probably not so much. See the screen shot below for its instructions.
James A. Martin is a seasoned tech journalist and blogger based in San Francisco and winner of the 2014 ASBPE National Gold award for his CIO.com blog. He writes CIO.com's Living the Tech Life blog and is also a content marketing consultant.