Android leak late rogue apps take full gear




A leak in all Android versions from 4.3 to 1 M Preview allows attackers through a fake app without any special permissions were able to gain complete control over a device. Google has the leak prior to the unveiling.

IBM Security Intelligence suggests that the leak occurred in 55 percent of Android systems. The hack succeeded thanks to a vulnerability in the OpenSSLX509Certificate -class. Because that way a malicious app could obtain additional system privileges, it was not necessary in the Google Play Store to ask for special permissions. The researchers tried the exploit on a Nexus 5 with Android 5.1.1.

Once the app has achieved within his rights, for example, attackers can replace an existing application by a forged version, which can then send his login data to the attackers. Apart from the reboot there is nothing that a user being aware of the work of the exploit. IBM’s team presents the exploit at Usenix Woot ’15 in Washington next week. The paper they have written about it, is readily available.

Google has already poem leak through patched versions of Android 4.4, 5.0, 5.1, and M. Also, Google Play Services has been updated to help stop the leak.



In: Technology & Gadgets Asked By: [15464 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »