Android leak late rogue apps take full gear




A leak in all Android versions from 4.3 to 1 M Preview allows attackers through a fake app without any special permissions were able to gain complete control over a device. Google has the leak prior to the unveiling.

IBM Security Intelligence suggests that the leak occurred in 55 percent of Android systems. The hack succeeded thanks to a vulnerability in the OpenSSLX509Certificate -class. Because that way a malicious app could obtain additional system privileges, it was not necessary in the Google Play Store to ask for special permissions. The researchers tried the exploit on a Nexus 5 with Android 5.1.1.

Once the app has achieved within his rights, for example, attackers can replace an existing application by a forged version, which can then send his login data to the attackers. Apart from the reboot there is nothing that a user being aware of the work of the exploit. IBM’s team presents the exploit at Usenix Woot ’15 in Washington next week. The paper they have written about it, is readily available.

Google has already poem leak through patched versions of Android 4.4, 5.0, 5.1, and M. Also, Google Play Services has been updated to help stop the leak.


In: Technology & Gadgets Asked By: [18440 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »

Star Points Scale

Earn points for Asking and Answering Questions!

Grey Sta Levelr [1 - 25 Grey Star Level]
Green Star Level [26 - 50 Green Star Level]
Blue Star Level [51 - 500 Blue Star Level]
Orange Star Level [501 - 5000 Orange Star Level]
Red Star Level [5001 - 25000 Red Star Level]
Black Star Level [25001+ Black Star Level]