- The Washington Times - Wednesday, July 6, 2016

Updates coming to Google’s Android operating system will reportedly make it more difficult for hackers to compromise mobile devices with ransomware, potentially resolving cybersecurity concerns raised by recent explosion of infections suffered by smart phones.

The next release of Android, code-named Nougat, is expected to be made available later this year. According to a blog post written Tuesday by Dinesh Venkatesan, a principal threat analysis engineer at security firm Symantec, the new OS will implement a feature intended to keep hackers from locking Android users out of their devices with ransomware, an increasingly popular type of malware that typically renders infected devices unusable until the cybercriminals responsible receive payment.

Ransomware infections caused more than $1.6 million in damages last year, per the FBI’s own account, and a report published last month by Kaspersky Labs revealed that the number Android users attacked with ransomware went up nearly 300 percent between 2014 and 2015. In light of that increase, Mr. Venkatesan said Tuesday that Nougat will be designed so that the operating system no longer allows users or software to reset device passwords — a feature commonly abused by ransomware developers to lock rightful Android users out of their phones until they pay to regain access.

The researcher said that resilient news ransomware variants emerged in 2015 amid a “ransomware evolution” targeting the Android operating system.

“These variants scare victims with a system error GUI and then reset the lockscreen password used to access the device,” he wrote. “Even users who manage to remove the malware without resetting the device may be unable to use the phone because they won’t be able to get around the password the malware sets.”

Upon the release of Nougat, however, programs running on Android smartphones and tablet will no longer be allowed to change device passwords.

“This development will be effective in ensuring that malware cannot reset the lockscreen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat. Backward compatibility would have allowed malware to reset the lockscreen password even on newer Android versions. With this change, there is no way for the malware to reset the lockscreen password on Android Nougat,” Mr. Venkatesan wrote.

The number of Android phones infected with ransomware increased from 35,413 in 2014 to 136,532, Kaspersky said in its report last week.

“Why is ransomware skyrocketing?” its authors asked. “First and foremost, because users pay.”

Roughly 1.4 billion devices were running versions of Android as of last September, Google said at the time.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide