specialists from the company Bluebox (dealing with computer security) claim to have discovered a vulnerability in the Android system, which dates back four years and may affect 99% of mobile devices running on this operating system . Bluebox says that an error has occurred in the time available for Google Android 1.6.
class=”bbtext”>
/> Read also: - Symantec warns – first discovered ransomware attacking Android devices
- HP Desktop running on Android
- Google Android introduces new technology for compressing data
Error allows hackers to break into a digitally signed application (not taking control of the signatures) and modify it by nesting them, such as Trojans that steal data or take control of Android. Luka uses the errors exist in the technology used to verify the authenticity of Android. A burglar can then modify the APK (Android App Package), not taking control before digital signature.
Android works in such a way that after the installation (and build environment for the Sandbox) writes the accompanying digital signature. Each time an attempt to modify this application means that Android checks if the person making the modifications is entitled to do so, or if he knew the digital signature. Discovered by specialists from the company Bluebox gap, however, can make various changes to the application without having to enter the digital signature. Luka has been around for four years, ie since the emergence of the Android market bearing the working name Donut (version 1.6).
See also:- Juniper urged to pass on Android 4.2 – protect us from the majority of mobile threats
- Google is working on a project Loon – balloons providing Internet access
- Symantec warns – first discovered ransomware attacking Android devices
After implantation in the application of malicious software (eg, Trojan), a hacker can distribute them in different ways: by e-mail, posting on websites or applications by copying them to a USB memory. Placing the modified application (contains malware) in stock Google Play is not possible because Google hedges that block right at the entrance of the application. However, if a hacker cheat creator application (which is already in the store Google Play) and this decides to introduce himself to the malicious code, such an application may, however, be found in the store.
Bluebox has already informed Google and mobile device manufacturers working on Android (as well as anti-virus software developers) about his discovery, and can now only expect that they take up as soon as possible the necessary steps to prevent the intrusion exploiting this vulnerability.
No comments:
Post a Comment