A security flaw discovered by experts on Monday (15) puts the Android again in the hot seat. The problem allows hackers to intercept communications with any site or app without encryption and inject malicious code on the way. The gap would affect all versions of the system since the Kitkat 4.4, used by 1.4 billion people in the world.
The blame this time, however, is not Google. The vulnerability is part of the Linux kernel introduced from Android 4.4 and present to the Beta versions of Android Nougat. In practice it is a mistake that endangers the navigation for any app or website without HTTPS, leaving exposed to passwords and e-mail user names.
The hacker only needs to have a computer connected to the internet to track and attack fragile connections between a mobile phone or Android tablet and an unprotected location. The criminal can inject malicious code in communication and require the user to re-enter their credentials, mimicking a server failure -. In fact, the victim was delivering his spoon-fed data
There is still no solution to the problem but Google is already aware of the case and has engineers looking for a way to deter future attacks. In a statement to the Ars Technica , the search giant said it “is taking the appropriate actions.”
for now, the only way to protect yourself is to avoid talking in chat or exchange emails in apps that do not offer HTTPS connection. The same goes for shopping sites unencrypted connection. When in doubt, an alternative is to use VPN to secure communication between your mobile phone and accessed the server.
No comments:
Post a Comment