A group of Italian security researchers have discovered a new Android Denial of Service (DoS) attack that can render Google smartphones and tablets useless in a matter of minutes, making it the most severe Android DoS attack ever identified. This week’s Android security hole of note is a newly discovered flaw in all versions of Google’s Android OS for that could let Bad Guys execute Denial of Service (DoS) attacks and disable users’ smartphones and tablets in two minutes or less. The “previously unknown” exploit was identified by a handful of Italian professors and security researchers representing the Artificial Intelligence Laboratory at the University of Genoa, Italy, and it supposedly “allows a malicious application to force the system to fork an unbounded number of processes…thereby mounting a Denial-of-Service (DoS) attack that makes the device totally unresponsive. Rebooting the device does not necessarily help as a (very) malicious application can make herself launched [sic] at boot-time.” The exploit was tested and verified on a number of devices including Samsung’s Galaxy S and Galaxy Tab 7.1, LG’s Optimus One and the HTC Desire HD, according to the researchers. The group has reportedly notified Google of the security flaw, and the hole will be patched, using one of the fixes described in the research paper, in an upcoming Android software update. From the research paper: “[W]e presented a previously undisclosed vulnerability on Android devices which is the first vulnerability on Android that leads to a DoS attack of this severity. We also developed a sample malicious application, (i.e. DoSCheck) which exploits the vulnerabilities, and we proposed two fixes for securing the Android OS against the vulnerability. We reported such vulnerability to Android security team which will include a patch in an upcoming update of the Android OS. Furthermore, we plan to publicly release both DoSCheck code and patched systems in the very near future, accordingly with a responsible disclosure policy we are discussing with Android group and Open Handset Alliance.” Last week, I wrote a post on how I think modern Android security is a real issue, despite recent remarks from “security experts” who suggest the threat is overhyped and merely the product of security-software makers trying to hock their wares. While this latest threat has not been acted upon by hackers or other attackers, at least that I know of, it, along with the various other Android security flaws reported in this blog in recent weeks (1, 2, 3), represents a big ol’ bull’s eye on the Android OS. And it’s only a matter of time before a Bad Guys discovers a major Android flaw and puts it to misuse before a researcher who’s only seeking recognition. AS Artificial Intelligence Laboratory at the University of Genoa, Italy via TheNextWeb.com Related content opinion Trip to Ethiopia Trip to Ethiopia to meet with couple of microfinance institutions By Jiten Patel Jul 24, 2010 2 mins IT Leadership opinion CGAP - Virtual Conference Recap: Hurdles to Surmount for Microfinance - Capacity Building & Technology Good 2 day conference on challenges faced by Microfinance Institutions (MFIs) on the critical subjects of capacity building and By Jiten Patel Jul 09, 2010 1 min IT Leadership opinion CGAP Virtual Conference - Day 2 Jul 8th: Getting past the technology hurdles faced by MFIs CGAP Forum - Getting past the technology hurdles faced by MFIs By Jiten Patel Jul 08, 2010 1 min IT Leadership opinion CGAP Virtual Conference - Day 1 July 7 - Capacity building to improve vendor/MFI relations and outcomes CGAP forum - Capacity building to improve vendor/MFI relations and outcomes By Jiten Patel Jul 08, 2010 1 min IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe