Security issues have been attacking force in the operating systems and every day we become aware of new ones. Are faults with varying degrees of danger affect users and in many cases the privacy of your data.
A new failure Android was revealed and is based on a problem that many of the remote support applications have. The worst problem is that this can hardly be resolved.
This new flaw, which has the Certifi-Gate name, focuses on how remote support applications authenticate and interact with Android permissions management plugins.
These tools which many users often do not know they are present in Android, are pre-installed by most manufacturers in their versions of Android and serve for remote support and information gathering on their part or the mobile operators.
Failure which was described at the Black Hat conference, which is taking place in Las Vegas, was discovered by researchers from Check Point, and is present in the equipment of the leading OEM manufacturers of Android universe.
How to authentication between these systems is performed with the use of certificates, as it is the simplest and, it was believed safer. But the truth is that you can change applications and thus lead to the systems start to collect information about users.
On the need to collect a lot of information and access to sensitive areas of Android these applications have unrestricted access , which is now exploited in this attack.
After being on the Android and why have these permissions granted, can now perform actions as simple as connecting the microphone and record conversations or collect everything you write.
The biggest problem in this vulnerability is that the use of these certificates is made for several applications, these can not be simply revoked . Even result in changes in applications, to eliminate the possibility of being exploited the flaw, attackers can simply force users to install older versions, where the problem manifests itself.
The manufacturers where this problem was detected are already working on a fix, but again there is no guarantee that will be installed on all equipment.
The way of users to protect themselves is known and often remembered. Should only install applications from trusted sources, ensuring that they are original and have not been tampered with.
No comments:
Post a Comment