The two researchers – Jon Oberheide and Zach Lanier – previously created an app that acted as a proof-of-concept application that allowed malicious developers to covertly install additional applications. The security issues underlying that app – posted in late 2010 – were quickly remediated by Google, Infosecurity notes.
According to the CBS newswire, Oberheide and Lanier have gone public with the YouTube video as they are drumming up interest in a security training course they will hosting at a Spanish conference this November.
The first bug, says the newswire, is described as affecting all Android handsets, regardless of the operating system version, so allowing attackers to install additional applications without needing to ask permission.
“The other vulnerability is specific to the Samsung Nexus S, letting an attacker gain root access and then gain full control over the handset”, the newswire notes.