Friday, August 1, 2014

“Superhole new type” found in Android – Dni.Ru

Photo: GLOBAL LOOK press

Researchers at Bluebox Labs released information about the vulnerability in Android. They claim that by using this error attackers could gain access to the functions of smartphones, tablets and stored them on personal data without user .

vulnerability was revealed three months ago, and experts Bluebox Labs notified about it from the Android developer Google. Patch that eliminates the problem, released almost immediately, but it did not save from the threat most owners of Android-devices, because the problem had been solved in the latest version of the OS, reports Daily Mail.

Smartphones and tablets that are running earlier versions of Android, starting with 2.1 (Eclair) and ending with 4.3.1 (Jelly Bean), and were not protected against unauthorized access. Discovered “hole” can seriously threaten your smartphone , since it can help hackers can spread extremely malicious software. Because of this, the English-language media called “hole” discovered Bluebox Labs, “superuyazvimostyu new type”

themselves BlueBox analysts call it Fake ID – “fake ID” , because with You can use it to cheat the system of digital certificates and applications give malicious program for the application of the official supplier to which the user is allowed access to the system.

In the company’s blog, CTO Jeff Forristal compared BUGS blog BlueBox, with burglar that goes up to the guard and makes a fake badge, and he looked at the false document, the attacker passes quietly into the building and making sure not to skip authentication.

Thus, the application being installed can be disguised as any program created by a reputable company. Installed on the smartphone or tablet Android system will not verify this fact and the application automatically bestow privileges, official programs available from the vendor. As a result, an attacker can easily introduce malicious code in the guise of the plugin .

Analysts BlueBox, when discovered vulnerability in the risk zone was 99% of devices running on the platform Android, but evidence that hackers had to use it, the company can not provide.

No comments:

Post a Comment