Risky Business #181 -- Android security FTL

Discover the horror of the Android patch process...
04 Feb 2011 » Risky Business

This week's edition of the show is brought to you by Tenable Network Security. We'll hear from Tenable's Paul Asadorian in this week's sponsor interview.

In this week's feature interview we're chatting with Immunity Inc's Bas Alberts about the security of Google's Android mobile operating system. As it turns out, Android's patching model is pretty awful.

To demonstrate the problems with Android, this week's feature guest, Bas Alberts, took a Webkit bug affecting the Chrome browser found on Android devices, attacked his boss's phone and used a garden variety Linux kernel local privilege escalation vulnerability to completely own the phone. He turned it into a video and it was uncomfortable viewing to say the least.

Bas works for Immunity Inc in the USA and joined me by phone to discuss his research and its implications.

Adam Boileau is back on deck to discuss the week's news headlines!