The operating system of Google is again the center of discussion and again for reasons abonatórias bit. A group of Chinese scientists claimed to have discovered a security flaw in Android that allows to overcome the signature of encrypted applications, a situation that endangers millions of users.
The vulnerability despite being different from discovery by company Bluebox security, based on the same logic. Hackers exploit the difference between the process of checking and installing an application to create two files with identical names – what is checked is the true signature, while it is installed is the package that contains malware.Thus, applications that exist in the Google Play Store and should be free of malware may ultimately be compromised. However the bug discovered by computer Oriental has an impact as big as the Bluebox – which can affect 99% of Android smartphones and tablets – as it is limited to handling files of type. Dex with up to 64KB, as explained The Register.
According to a security expert heard by ComputerWorld, the method is plausible and credible. Google has not made any official comment on the new theoretical vulnerability found.
The Chinese team called Android Security Squad discovered a bug related to Java that reproduces the same results, vulnerability that is explained in detail in the technical Blog of Asian researchers.Google has patched the security flaw found by Bluebox and has already sent the solution for manufacturers who need to get the update to the largest possible number of users.
Written under the new Orthographic Agreement
No comments:
Post a Comment