Your Android smartphone only installs malware if you're being dumb (or do it on purpose) — not automatically, and not just because you're in Russia.
This is just ridiculous, even for American "news" television. A report from NBC News was exposed — and rightfully so — by Errata Security (via Techmeme) for being so misleading that, frankly, we almost don't know where to begin.
The short version: NBC News says you'll be hacked the moment you try to connect in Russia. And it tries to show that with two examples: New laptops, fresh out of the box, and an Android smartphone — which we'll focus on here.
In the piece, NBC's Richard Engel sits down with "top American security expert" Kyle Wilhoit — he works for Trend Micro, actually — and we see an Android smartphone downloading and installing malware. Oops. Hacked. Only, not really.
As Errata properly points out (and Wilhoit explains on Twitter as well, actually), this is all about visiting malicious sites, and not about actually being in Russia.
The story was fraudulent. It was about going to the Olympics in cyberspace (visiting websites), not going to their in person and using their local WiFi. — Errata Security
"Malicious software hijacked our phone — before we even finished our coffee."
What's more is that Android has safeguards built in by default. While it certainly is possible to hit a link and see a malicious app start downloading, it won't actually install without some other interaction. And one of the first checkpoints is the "Unknown sources" option. If your phone isn't set to install apps from outside Google Play — in other words, "unknown sources," it'll tell you. And in just about every retail phone we can think of, that option is turn on by default. Those are but two layers of security. There are others.
As anyone who's ever sideloaded an app (or watched TV) can see, there's been a little editing here. You don't see the permissions the malicious app declared. You don't see any of what actually happened — a point Wilhoit, who his credit, mentions on Twitter. As well as the fact that they weren't actually in Sochi — they were in Moscow. Not that it mattered. NBC was going to get the story it wanted.
And for what it's worth, you could plug your phone straight into a hacked computer and still have at least two other checkpoints to pass — USB debugging and the RSA key security mechanism that both must be allowed for something to be installed that way.
Hacking can and will always happen. There will always be exploits. We all need to be aware of the links we're clicking on, and the apps that we're downloading and installing.
And we need to not listen to NBC News when it tries to scare the hell out of folks just to tell a story.
We may earn a commission for purchases using our links. Learn more.
WeChat ban has been blocked by U.S. District Court
The Trump administration's ban on WeChat was set to go into effect today, but a U.S. district court judge just blocked it.
These are the best games for your Android phone
We're rounding up the best games, free and premium, you should be playing today.
Digital Wellbeing has been forgotten, but we need it now more than ever
Two years ago, the digital hygiene movement was in full swing. Now, during the pandemic, the idea of using our phones less has been abandoned, but should we bring it back?
Spice up your smartphone or tablet with the best icon packs for Android
Being able to customize your device is fantastic as it helps to make your device even more of "your own". With the power of Android, you can use third-party launchers to add custom icon themes and these are just some of our favorites.