Wednesday, July 30, 2014

Most Android users still vulnerable to failure already … – TeK.sapo

Security firm Bluebox back to take a leading position worldwide. According to the BBC, experts have discovered a new flaw in Android that allows hackers to take advantage of a verification failure of authority to access, among other data, banking information to the user.
 

This vulnerability was reported by the company that Google has now solved the problem with a software update. But only users with Android KitKat are safe – all other versions are vulnerable to attack, the British newspaper said.
 

Many of the outfits that are between Android 2.1 and Android 4.3 will not migrate to new versions of the mobile operating system, policy makers, so the vulnerability is a constant.
 

The case becomes even more seriously knowing that the users do not need to give any special permit applications so that they have access to information that passes by cellphone.
 

This is because the vulnerability Fake ID takes advantage of the lack of double checking the certificates of applications. For example, if Google sees the certificate of an application belongs to Adobe, but does not check if the certificate is legitimate or whether it was forged.
 

The CTO of Bluebox, Jeff Forristal, explained that a single application can bring several fake certificates. And in doing impersonate certain applications, malware can gain several levels of privileges on the smartphone, paving the way for the exploitation of phishing schemes and other thefts.
 

The best way to ensure the safety of equipment is to be restricted to downloading from the official store of Android applications, Google Play, as the U.S. technology makes an indirect safety devices – since no can directly control the update of all smartphones and tablets, at least patrol the store where most will download apps.
 

Last year the company security BlueBox was known to have found another serious security flaw in Android that affected 99% of the devices.
 


  Written under the new Orthographic Agreement

  

No comments:

Post a Comment