Tuesday, November 3, 2015

New Android security hole, created by the Baidu SDK – Pplware

The modularity and openness of Android are among its greatest strengths, but at the same time among its biggest weaknesses.

Following other recently discovered flaws, another has now emerged. It is the result of a problem in Baidu's development SDK and affects 100,000 devices.

The new flaw comes from Moplus, an SDK that Baidu provides for building Android applications. Although it is not a public SDK, many applications have been built on it.

Of the more than 14,000 applications created using Moplus, only 4,000 are Baidu's own; the remainder are the responsibility of other developers.

The flaw was discovered by Trend Micro and stems from a behavior of this SDK: it launches an HTTP server on the Android devices where these applications are installed. This server does not use any authentication and accepts commands directly from the Internet without any verification.

These commands can be used to obtain sensitive user data such as messages, calls or locations.

Worse still, it also allows new contacts to be added, files to be uploaded, outgoing calls to be placed, and false messages to be delivered to users or to installed applications.

On rooted devices, the SDK allows applications to be installed silently, without any installation notification being displayed, which makes the problem bigger and harder to fight.

Researchers at Trend Micro also discovered the first malware that exploits this flaw. It is already being used in attacks and manages to install unwanted applications. This malware is known as ANDROIDOS_WORMHOLE.HRXA.

Trend Micro believes this new Moplus flaw could be even worse than Stagefright, discovered earlier this year. Stagefright required attackers to send multimedia messages containing malicious code, or to lead users to click on certain links.

To exploit the Moplus flaw, attackers only need to send HTTP requests to all the IP addresses of the mobile operators' networks to quickly find their victims.

Both Google and Baidu were alerted to this problem, and the Chinese company was quick to fix it, releasing a new version of its SDK with the problem solved.

Baidu also updated all of its own applications, which now use the corrected version of its SDK, thus eliminating the problem.

But once again the problem will be difficult to eradicate, since many of the developers who used the previous version of the SDK will not update their applications.
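
For devices that may still carry applications built on the old SDK, one defensive check is to look for app-owned TCP listeners that are not bound to loopback. The following is an added example, not code from Trend Micro, Baidu or the original article: it parses text in the Linux `/proc/net/tcp` layout (IPv4 only), and the sample rows, ports and UIDs are constructed. It assumes a little-endian device and that installed Android apps have UIDs from 10000 upward.

```python
import socket
import struct

LISTEN = "0A"          # TCP_LISTEN state code used in /proc/net/tcp
FIRST_APP_UID = 10000  # assumption: Android app UIDs start at 10000

# Constructed sample in /proc/net/tcp layout (ports and UIDs are made up).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 1002 1
   2: 0F02000A:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 1003 1
   3: 0100007F:9C40 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10112        0 1004 1
"""


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' (IP stored little-endian) into (ip, port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def exposed_app_listeners(proc_net_tcp):
    """Return (ip, port, uid) for app-owned LISTEN sockets not bound to loopback."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != LISTEN:
            continue  # malformed row, or a socket that is not listening
        ip, port = decode_addr(cols[1])
        uid = int(cols[7])
        # A listener on 0.0.0.0 or an interface address accepts connections
        # from other hosts; a 127.x.x.x listener is reachable only on-device.
        if uid >= FIRST_APP_UID and not ip.startswith("127."):
            found.append((ip, port, uid))
    return found


if __name__ == "__main__":
    for ip, port, uid in exposed_app_listeners(SAMPLE):
        print(f"app uid {uid} listens on {ip}:{port} (not loopback-only)")
```

A flagged UID still has to be mapped back to its package to decide whether the listener is expected.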
