Friday, 5 July 2013

Android Master key exposed

A security research team recently discovered a vulnerability in Android's security model that allows an attacker to modify APK code without breaking the application's signature. This turns any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone or the end user. Nearly 910 million Android phones released in the past 4 years could be affected, or close to 100% of Android devices. The vulnerability has apparently been around since Android v1.6 and was disclosed by the firm to Google a couple of months ago.
The Samsung Galaxy S4 has apparently already been patched. The vulnerability allows an attacker to turn a legitimate app into a malicious Trojan by modifying APK code while leaving the app's cryptographic signature intact, thereby tricking Android into believing the app itself is untouched and allowing the attacker to do whatever damage they like.
The flaw is made worse if an attacker targets the subset of apps developed by the device makers themselves, or by third parties that work closely with device makers, and that are granted system UID access. Compromising this subset of apps gives access to far more than mere app data, with the potential to steal passwords and account information and take over the normal functioning of the phone.
The risk to individuals and organisations is therefore great, and it is compounded for applications developed by manufacturers such as Samsung, HTC and Sony, which are granted special elevated privileges within Android, specifically system UID access. The security team's recommendations for users are:
  • Device vendors should be extra cautious in relation to the publisher of the app they want to download.
  • Organisations with BYOD policies should use this to highlight the importance of keeping devices updated.
  • IT should see this vulnerability as another driver to move beyond just device management and concentrate on deep device integrity checking and securing corporate data.

