Reuters

(Reuters)

Mobile Security Expert Says He Found Bugs in Android

Features Reuters

A mobile security expert says he has discovered serious security flaws in Google Inc's Android operating system.

Continue Reading Below

Riley Hassell, who caused a stir when he called off an appearance at a hacker's conference last week, told Reuters he and colleague Shane Macaulay decided not to lay out their research at the gathering for fear that criminals would use it attack Android phones.

``When you release a threat and there's no patch ready, then there is mayhem,'' said Hassell, founder of boutique security firm Privateer Labs.

Hassell said he and Macaulay alerted Google to the software shortcomings they had unearthed.

Google spokesman Jay Nancarrow said Android security experts had discussed the research with Hassell and did not believe he had uncovered problems with Android.

``The identified bugs are not present in Android,'' he said, declining to elaborate.

Continue Reading Below

It was the first public explanation for the failure of Hassell and Macaulay to make a scheduled presentation at the annual Black Hat hacking conference in Las Vegas, the hacking community's largest annual gathering.

They had been scheduled to talk about ``Hacking Androids for Profit.'' Hundreds of people waited for them to show up at a crowded conference room.

Hassell said in an interview late on Thursday that the pair also learned -- at the last minute -- that some of their work may have replicated previously published research, and they wanted to make sure they properly acknowledged that work.

``This was a choice we made, to prevent an unacceptable window of risk to consumers worldwide and to guarantee credit where it was due,'' he said.

A mobile security researcher familiar with the work of Hassell and Macaulay said he understood why the pair decided not to disclose their findings.

``When something can be used for exploitation and there is no way to fix it, it is very dangerous to go out publicly with that information,'' the researcher said. ``When there is not a lot that people can do to protect themselves, disclosure is sometimes not the best policy.'' (Reporting by Jim Finkle; editing by John Wallace)

What do you think?

Click the button below to comment on this article.