Bug in Android allows attackers steal authentication data




According to security researchers, there is a bug in keystore, the share of Android which authentication data such as cryptographic keys, pin and unlock patterns are stored. Attackers, these data can identify and exploit.

The study was published by security researchers from IBM. Due to a bug in Androids keystore attackers can retrieve authentication data through a stack buffer overflow. On their website , the researchers explain in detail how the bug can be abused.

According to the discoverers is delayed publication until Google has been repaired, which has already been the case the bug. With the release of Android KitKat, 4.4.x version numbers, the bug would cease to abuse, but many users still have an older version of the mobile operating system. This are many Android devices susceptible.

Attackers could receive for services used. Conscious Android device by exploiting the bug authentication data in the hands Hackers could, for example authentication data for payment services and banks can get hold of. However, they shall install malware on a vulnerable device: it is necessary to perform in order to exploit the bug in code yourself. It is not clear whether abuse of vulnerability in keystore.


In: Technology & Gadgets Asked By: [15576 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »