Kaspersky Launches Free Android Vulnerability Scanner

android Fake ID flaw Bluebox

Kaspersky Fake ID Scanner looks for familiar bugs like Heartbleed, MasterKey and FakeID

Russian security vendor Kaspersky Labs has launched a free Android app that can check a smartphone or tablet for major vulnerabilities.

Kaspersky Fake ID Scanner can detect the presence of such well-known bugs as FakeID, Heartbleed and MasterKey.

Android is widely considered to be the least secure mobile OS due to its dominant position on the market, open nature and availability of third-party app markets with bad security practices. According to Kaspersky, last year 98 percent of all mobile malware was targeting Android.

Get tested

Known vulnerabilities can give the attacker an easy way to compromise the unpatched system – this holds true not just for PCs and servers, but also tablets and smartphones.

Kaspersky ScreenshotAnd yet earlier this week UK National Crime Agency warned that 56 percent of mobile device owners occasionally skip on software updates, and 19 percent sometimes download files from unknown sources and click on unfamiliar links.

Kaspersky says that even apps that look legitimate and offer full functionality can carry malware using the recently discovered vulnerability called FakeID. That’s why the company created a scanner application which detects known vulnerabilities and warns if any application attempts to exploit them.

When Fake ID Scanner finds a known issue, it prompts the user to install a free version of Kaspersky Internet Security for Android, but then again, they can simply opt to patch their device.

The app also tests for Heartbleed by checking the version of the OpenSSL encryption library, as well as Master Key – the nasty flaw which first surfaced in July 2013 and can enable the attacker to turn any legitimate application into a malicious Trojan.

Some of the interesting Android malware examples discovered in the last few months include MouaBad.p which can secretly call premium-rate numbers, Koler.A ransomware which encrypts mobile device storage, and Krysanec, which was found to be piggybacking on top of a security application from ESET on dodgy third-party app markets.

What do you know about Android? Take our quiz!