Thursday, July 26, 2012

Android in danger - some serious vulnerabilities

At the Black Hat hacker conference in 2012 on the protection of information professionals from various companies and government agencies showed the audience some very dangerous vulnerabilities in the popular mobile platform Android. In particular, it was shown to bypass the security systems in the official application store, in the short-range wireless communication technology NFC and in older versions of the operating system itself.

Experts from the division of Trustwave SpiderLabs demonstrate the problem in the technology Bouncer, which is used for automatic analysis of the applications submitted for publication in the App Store. Due to still resolve the issue, attackers can bypass the protection and introduce arbitrary code on almost any Android-device. The result is a serious risk that the next application that will be all the stages of selection and will be published in Play Market, would be harmful.
One of the best applications for protection against malicious software is also Kaspersky MobileSecurity.

Speaker of the company Accuvant showed another potential attack vector associated with the delivery of malicious code on the Android-devices with wireless interface NFC (Near Field Communications - Short Range Communication). NFC chips are now installed in most expensive and popular Android-smartphone. The author of Charlie Miller (Charlie Miller), who in his time of 5 years in the U.S. National Security Agency, has invented a compact device the size of a postage stamp that can be placed anywhere (at the cashier in a store or vending machine), mainly in those places where people are kept up with cell phones in their pockets, or will be calculated using the NFC, which allows the machine to infect the unsuspecting user without his or her knowledge.

In addition to the above risks have been sounded, and other topical issues. Same with Charlie Miller, a researcher from another company CrowdStrike found a "hole" in a standard web browser Android. Of course the discovery took place in February of this year, after which the authors have publicly notified the developers of Chrome, so that new versions of Chrome for Android problem has been solved. However, this version can not support more than 10% of devices with the operating system version 4.0. Even fewer vehicles running on version 4.1, which is the main Chrome browser, so that most Android users are still susceptible to attack, described nearly six months ago.

Strictly speaking, the sad discovery in the Black Hat conference in 2012 should make manufacturers and operators to move quickly on the platform Android 4.0/4.1, only this time it is not in the new features and lotion, and security. Incidentally, in this respect, the company won the praise of Apple, which spreads very quickly forced an update for devices iPhone via cellular operators. Compared to iOS, in the words of one of the speakers Black Hat 2012, Android is still a "Wild West".

According to the materials and sites IT Pro Phandroid.

Safe use of Android devices

No comments:

Post a Comment