Android 5.0 Lollipop represents a leap forward in security terms

Android 5.0 Lollipop represents a leap forward in security terms
Android 5.0 Lollipop represents a leap forward in security terms

Perspectives on Lollipop differ, characterised as, the good, the bad and the ugly:

The good
If you're lucky enough to receive an OTA (over the air) update, you'll notice that the user interface has been significantly updated, but the real beauty stems from several key security upgrades under the hood, including a remote `kill switch' and Security-Enhanced Linux (SELinux) feature to lower the risk of vulnerabilities in all applications.

In addition, with Android Lollipop, encryption is turned on automatically for new devices. This is the first time data will be encrypted by default on Android devices.

There is also Smart Lock function that allows Android phones or tablets to be secured by Bluetooth, pairing them with an Android Wear device or a car-based system, assuming the car's Bluetooth facility is running Android Auto.

The bad

With impeccable timing, Check Point researchers made a presentation at the Black Hat Europe event in Amsterdam this morning about a significant security flaw with Android - although it remains to be seen whether Android will updated Lollipop to counter the problem, which leaves every Android device vulnerable to a cyber-attack.

According to the security vendor, the flaw enables hackers to override security features leaving critical apps such as mobile banking susceptible to attack, as well as enabling hackers to override any device security leaving passwords vulnerable and personal data at risk.

The vulnerability centres on inter-process communication (IPC) tool called Binder, the system component that makes the operating system run over hardware.

Check Point claims that, a the single point of communication, the Binder is a prime target for any Android malware, meaning that users are vulnerable to an override of all security measures in place by individual applications on the device, and all their communications being exploited and intercepted.

Page 1 of 2