Your Android smartphone only installs malware if you're being dumb (or do it on purpose) — not automatically, and not just because you're in Russia.
This is just ridiculous, even for American "news" television. A report from NBC News was exposed — and rightfully so — by Errata Security (via Techmeme) for being so misleading that, frankly, we almost don't know where to begin.
The short version: NBC News says you'll be hacked the moment you try to connect in Russia. And it tries to show that with two examples: New laptops, fresh out of the box, and an Android smartphone — which we'll focus on here.
In the piece, NBC's Richard Engel sits down with "top American security expert" Kyle Wilhoit — he works for Trend Micro, actually — and we see an Android smartphone downloading and installing malware. Oops. Hacked. Only, not really.
As Errata properly points out (and Wilhoit explains on Twitter as well, actually), this is all about visiting malicious sites, and not about actually being in Russia.
The story was fraudulent. It was about going to the Olympics in cyberspace (visiting websites), not going to their in person and using their local WiFi. — Errata Security
"Malicious software hijacked our phone — before we even finished our coffee."
What's more is that Android has safeguards built in by default. While it certainly is possible to hit a link and see a malicious app start downloading, it won't actually install without some other interaction. And one of the first checkpoints is the "Unknown sources" option. If your phone isn't set to install apps from outside Google Play — in other words, "unknown sources," it'll tell you. And in just about every retail phone we can think of, that option is turn on by default. Those are but two layers of security. There are others.
As anyone who's ever sideloaded an app (or watched TV) can see, there's been a little editing here. You don't see the permissions the malicious app declared. You don't see any of what actually happened — a point Wilhoit, who his credit, mentions on Twitter. As well as the fact that they weren't actually in Sochi — they were in Moscow. Not that it mattered. NBC was going to get the story it wanted.
And for what it's worth, you could plug your phone straight into a hacked computer and still have at least two other checkpoints to pass — USB debugging and the RSA key security mechanism that both must be allowed for something to be installed that way.
Hacking can and will always happen. There will always be exploits. We all need to be aware of the links we're clicking on, and the apps that we're downloading and installing.
And we need to not listen to NBC News when it tries to scare the hell out of folks just to tell a story.
We may earn a commission for purchases using our links. Learn more.
The Samsung Galaxy Z Fold 3 will need all-new glass if it has S Pen support
Half of what makes the S Pen great lives inside the display. Getting that half to work well with a folding screen isn't going to be an easy feat.
You voted: these are the best Google Play apps, games, and movies of 2020
The winners of the Google Play Users' Choice Awards have been announced, highlighting this year's favorite apps, games, and more.
Cyber Monday Canada: Last-minute deals for everyone on your list
There's no getting around it: Cyber Monday is the best time to buy the tech (and other stuff) on your wishlist.
These accessories complete your Chromebook perfectly
Your Chromebook is a productivity machine, and staying productive wherever you are also means having the right accessories to complete the experience.