Wednesday, July 9, 2014

Half of all Android smartphones are vulnerable to malware that … – TeK.sapo

At the end of 2013 was discovered a security vulnerability in Android that allows a mobile application to stop the calls in progress, you can make calls without the user being aware and can run USSD codes – equivalent to that mark to verify the balance.
 

A security flaw in Google operating system have been remedied in version 4.4, also known as KitKat, but all users are with versions 4.1, 4.2 and 4.3 of Android are still vulnerable.
 

As a rule only the applications that have the permission PHONE_CALL can make calls on smartphones, but with the vulnerability found ESAE is not the case.
 

So, a malicious software can make calls added value – and the number may or may not be controlled by the hacker – or you can start a conversation to hear conversations in stealth mode. This is because the user may not realize that the phone is on a call, despite being visible on the unit’s display.
 

In the most onerous scenario the user can go without balance in the equipment without realizing it. Running USSD codes can also pose some dangers since depending on the equipment and the operator concerned can result in blocking the SIM card.
 

If you have a smartphone with Android versions 4.1, 4.2 or 4.3 and has no prospects of receiving a software update for the KitKat version in the near future, you should consider getting a administrator permissions. So whenever the phone trying to make a call alone, never get unless the user approves.
 

The vulnerability was discovered by security firm Curesec and experts say that Google has been watching the store for Android applications to mitigate the applications that can exploit this flaw, writes PC World.
 

Within the segment of malicious applications that steal the balance users is another example: last year the TeK found an application in the Android Store Portuguese also subscribed messaging value added services without the user authorize.
 


  Written under the new Orthographic Agreement

No comments:

Post a Comment