Thursday, September 18, 2014

Flaw in Android allows theft of user data – Reuters



 The default Android browser, the open source that is not Chrome, had a serious vulnerability that leaves about 50% of users susceptible to data theft system. As discovered by security experts, the bug allows the user navigation is controlled in order to steal cookies and passwords and have access to written information in web forms.

The flaw occurs in the way the browser handles javascript, which prevents the browser policy can ensure common origin. The protocol prevents a run a script to interact with site content from other sites.

And what does that mean? With failure, basically any site controlled by a hacker could intercept the information being used in another page, since the two are open in the same browser.

“Imagine that entered the site of the coup while with its open another window email. The cybercriminal could steal your data from e-mail and see what your browser sees. Worse; could copy session cookies and even kidnap her through to read and respond to messages in their place, “says Tod Beardsley, technical chief Metasploit Framework, which disclosed the flaw in a post on your blog.

The open source browser was the default Android until the arrival of version 4.2, Chrome when this took place. Some parts of the browser continued to be used to control the web within other applications, but it also changed with version 4.4.

But, thanks to the fragmentation of Android, the browser continues to be widely used by users who are on older versions of the system. Only 25% of users are already in KitKat editing software, where there is no interaction with the application. According to statistics from Net MarketShare, between 40 and 50% of Android users still use the defective browser.

Google says it has identified the problem and launch an hotfix soon. However, the update can be problematic since, unlike Chrome, Android browser can not be updated by Google Play; would require an upgrade of the system as a whole. And, as is already known, the distribution of Android updates usually very time consuming, which will leave many unprotected for a long time

. <- Infotext1 -> <<----!> – infotext2 ->

Comments

All comments are subject to moderation. DD reserves the right to delete comments that do not comply with the rules of use. The comments are the sole responsibility of their authors.

LikeTweet

No comments:

Post a Comment