Alert! Alert! If you use Instagram's Android app, complete strangers could be looking at your photos of appetizers and makeup techniques right now! ...which is kind of the point of Instagram, I suppose. But security researcher Mazin Ahmed discovered that the app uses standard HTTP to transmit photos, cookies, and authentication (including usernames and unique IDs), instead of the encrypted HTTPS protocol. As Mr. Mackie is so fond of saying, that's bad.
Welcome to the latest entry in our Bonus Round series, wherein we tell you all about the new Android games of the day that we couldn't get to during our regular news rounds. Consider this a quick update for the dedicated gamers who can't wait for our bi-weekly roundups, and don't want to wade through a whole day's worth of news just to get their pixelated fix. Today we've got a casual flight simulator, a hellish puzzle game, an ambitious space fighter, a sneaky Scrabble variant, a motorcycle trick game, and a virtual hacking title.
Over at Black Hat USA 2012, security researcher Ralf-Phillip Weinmann demonstrated a vulnerability in several Android devices that utilized A-GPS to send illicit messages to the device which could, he explained, be used to send a report of the device's location any time an A-GPS message was sent or even be used to gain complete control of the device.
In describing the attack, Weinmann pointed out that, for example, a malicious WiFi network could instruct a phone to relay all future A-GPS requests, even once the device has left the WiFi network's range.
As Android's market share continues to grow, it is inevitable that it will become a target for viruses and other malware. Indeed Steve Chang, the chairman of Trend Micro, a provider of security software, cautioned that Android is far more susceptible to malware attacks than iOS.
In an interview with Bloomberg, Chang claimed that Android's open source infrastructure allowed hackers to better understand the underlying architecture and source code.