Riley Hassell and Shane Macaulay were all set to go on stage at Black Hat and describe a few methods of hacking Android devices. But they never appeared: at the last minute, they decided not to reveal the vulnerabilities they had discovered. Why? “To prevent an unacceptable window of risk to consumers worldwide and to guarantee credit where it was due.”
How very white hat! Yes indeed, Hassell and Macaulay were concerned that going public with these vulnerabilities might have resulted not in a scholarly discussion and plugging of the security hole, but a feast of hackery as millions of handsets succumbed to unpatched exploits. They also learned just before going on stage that their discovery may have replicated some earlier findings, and they wanted to make sure they were making the proper acknowledgements. So they no-showed.
So what’s the vulnerability? They aren’t saying just yet. And according to Google, “The identified bugs are not present in Android.” Very illuminating! We’ll see about that, I’m sure.
So many undiscriminating hackers and hacks are in the news these days that I felt it only right to call attention to a couple guys doing things right. With luck this security hole (which doesn’t exist) will be patched and we’ll all be a little safer next week.