It’s been about a week that the most popular mobile operating system in the world, Android, found a fault set (QuadRooter) affecting Android devices using Qualcomm SoCs. According to information from Check Point (largest specialized manufacturer worldwide security), there are more than 900 million affected devices.
Yesterday, 15 August, was released a new flaw in Android that endangers more than 1.4 billion devices can be stolen credentials of users
the security holes / vulnerabilities is a current topic in the world of operating systems for mobile devices, especially Android.
This time the blame can not be attributed to Google because the vulnerability is in the Linux Kernel level, in the version that is present from Android 4.4 (up to the latest versions of Android nougat).
This vulnerability allows the theft of passwords?
Yes! In practice if the user access to sites that do not use HTTPS risk of communications being intercepted and so credentials being stolen. In this case, the attacker can easily intercept unprotected communication and to inject malicious code into traffic.
Even if the communication is done via HTTPS, the attacker can intercept and terminate this communication.
the vulnerability makes it possible for anyone with an Internet connection to determine Whether any two parties are communicating over the long-lived transport control protocol connection, such as those que serves Web mail, news feeds, or direct messages. In the event the connections are not encrypted, attackers can inject malicious code Then or content into the traffic. Even When the connection is encrypted, the attacker may still be able to determine the channel exists and terminate it. The vulnerability is classified the CVE-2016-5696.
So far there is no official information from Google on this failure despite this knowledge of its existence. However, as mentioned, this is not a failure of Google but the Linux kernel.
As a means of security, you should only access secure web pages, making use of HTTPS (see the it happens when pages do not use HTTPS) to transfer data between client and server.
it is estimated that 80% of Android devices all over the world are affected by this serious flaw.
No comments:
Post a Comment