First responders who use Android devices with versions 2.3.3 through 2.3.7, also known as Gingerbread, are at increased risk for malware attacks, says the Homeland Security Department and Federal Bureau of Investigation in an unclassified July 23 memo (.pdf) posted online by Public Intelligence.
Many of the security vulnerabilities have been fixed since that version was released in 2011, notes the memo to police, fire, EMS and security personnel.
Among the known security threats outlined in the bulletin:
- SMS text message Trojans that send text messages to criminal hackers at exorbitant charges. This can be avoided by downloading an Android security suite such as F-Secure Mobile Security or Junos Pulse Mobile Security Suite, among others.
- Rootkits that log user locations, keystrokes and passwords. This can be detected and removed by installing the Carrier IQ Test.
- Fake Google Play domains that trick users into installing malicious apps that steal sensitive information. This can be avoided by only downloading approved apps.
The notice recommends users report security incidents to US-CERT.
– download the memo, “Threats to Mobile Devices Using the Android Operating System” (.pdf)