Google’s latest operating system Android Nougat will employ a new condition that will prevent ransomwares from resetting a device’s password. (Representational image)

Mumbai: Realising the need to curb increasing malware count, Google’s latest operating system Android Nougat will employ a new condition that will prevent ransomwares from resetting a device’s password using the ‘resetPassword’ API.

According to a Symantec report, numerous dangerous malwares including Android.Lock.E variants with advanced capabilities emerged during the first quarter of 2105. All these malwares are capable of tricking the users and resetting their lockscreen password used primarily to access the device.

Symantec said, “Even users who manage to remove the malware without resetting the device may be unable to use the phone because they won’t be able to get around the password the malware sets.”

An earlier research by the security firm showed that these ransomware malware set or rest home-screen passwords (either a pin or pattern) by summoning the ‘resetPassword’ API.

symanatecSource: Symantec
Nougat to the rescue

According to the new report, Android Nougat will introduce a new clause/condition to prevent the invocation of resetPassword API for resetting the passwords; only setting the password will be allowed.

“This development will be effective in ensuring that malware cannot reset the lockscreen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat,” said the report.

However, users should also be cautious of the fact that the new OS will prevent malwares from resetting the password; it won’t stop them from setting the password on devices with no existing passwords.

Unfortunately, the new feature will also affect standalone disinfection utilities that are largely dependent on ‘resetpassword’ API. A disinfector tool is an automated tool designed to help users to combat devices with an infected malware.

“With Android Nougat’s new restrictions, the disinfector’s ability to call that API is bound to fail. This is likely to affect a small percentage of users who use disinfectors,” added the report.

To help prevent mobile threats, the security firm has listed down a few tips:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton, to protect your device and data
  • Make frequent backups of important data

[Source:- Deccan Chonical]