The recent times have been complicated for Google and Android, given the number and complexity of security problems that have emerged.
But how security researchers are constantly testing and validating the operating systems, there was now more a failure affecting Android multitasking mechanisms. Failure is the serious affects all the latest versions.
The latest flaw was discovered by researchers of the Cyber Laboratory Security at the University of Pennsylvania that had the last USENIX Security 15 conference.
According to what was presented and described in paper published (PDF), Android has a serious failure in multitasking mechanisms that allow malicious applications can steal data access for users, without their notion of it.
This malicious applications can simulate other real interfaces and hereafter data is taken and used by the attackers.
The severity of this problem is not in how it’s exploited, but the Android core component underlying the mechanisms control of multitasking tasks.
The researchers found that this failure evaluated more than 6.8 million applications in various stores Android applications and mostly the fault could be exploited in a simple way, without any control by the users.
It is also therein lies much of the problem. The total Android applications stores are not controlled by Google and all possible measures were applied to detect this type of applications would not be comprehensive.
Even if a solution is created, it would have to be applied unified way on Android, which again is a problem due to the high fragmentation that exists in this ecosystem.
The solution is, again, the users of care in installing only valid stores applications and safe, precavendo problems and defending themselves.
Google’s answer to this problem
This issue has been addressed to Google who recognized him, but with a indication that can not be exploited because of several security measures that apply in your store.
We appreciate this theoretical research the it makes Android’s security stronger.
Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features.
Although it is a fact, many users are forced to use other application stores, such as Chinese in which case the Android store is locked, which prevents them from having access to all these security guarantees.
Even with all the news which has shown, this has not been a good year in the field of security for Android, which lets the users afraid for their safety and that of your data.
No comments:
Post a Comment