Is Your Android Phone Vulnerable?

Before using your Android phone to log in to your bank account or VPN, check out your current OS. Sensitive data may be at risk with v. 4.3 / Jelly Bean.
Android Jelly Bean Logo

Before you use your phone to log in to your bank account or VPN, take a look at your current Android version. If you have 4.3, also known as Jelly Bean, some of your sensitive data may be at risk.

Such as the problem with the Android KeyStore. This is a part of your OS that is dedicated to storing cryptographic keys and other credentials used for getting into secure networks. KeyStore has a bug that will allow attackers to execute malicious code that gives them access to keys used by online banking, finger patterns used to unlock your phone, virtual private network services and other sensitive apps.

The attacker must have the same app installed on their phone to log in with your credentials. However, many apps have additional layers of protection that can help keep hackers from getting your information. For instance, most banking apps require that you sign in each time you access them. Apps that allows you to sign in once then return without providing credentials can be vulnerable. So, if you have this vulnerability and stay logged into Twitter, an attacker could log into your account and send spam or phishing messages using your account.

This can be an especially serious issue for people who access their company’s VPNs through their mobile phones or tablets. This can leave your company’s data and networks vulnerable to attacks, since your credentials can get attackers through the firewall.

If you use your mobile device for work, drop by the IT department or help desk to find out whether your phone could be at risk. Better to spend a few days off the network while a solution is found than to deal with the headache of a major exploit.