More than two thousand Android and iOS applications have a vulnerability that gives fraudsters access to your personal information
Researchers have found the FREAK vulnerability in mobile applications, threatening millions of users. Developers immediately set about fixing the problem. However, the security company FireEye has released a new report stating that more than 2000 applications for the Android and iOS operating systems continue to pose a threat to mobile devices.
“FREAK attack” stands for Factoring attack on RSA-EXPORT Keys, a method of recovering the keys used for encryption. This vulnerability in mobile applications allows criminals to weaken the encryption of information in browsers, reports rg.ru. Data that users enter into an application (password, credit card number, etc.) becomes accessible to cybercriminals. In addition, they are effectively able to control the device.
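A defender can look for the export-grade RSA suites named in the acronym directly in captured TLS handshakes. The check below is an added example, not part of the original article; the cipher-suite code points come from the IANA TLS registry, the function names are hypothetical, and the sample handshakes are constructed.

```python
# Export-grade RSA suites (IANA code points; an assumption, the article lists none).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def _hello_body(record: bytes, msg_type: int) -> bytes:
    """Return the hello body carried in one TLS handshake record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != msg_type:
        raise ValueError("not the expected TLS handshake message")
    msg_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + msg_len]
    # Need version (2) + random (32) + session id length (1) + id + 2 more bytes.
    if len(body) != msg_len or len(body) < 35 or 35 + body[34] + 2 > len(body):
        raise ValueError("truncated hello")
    return body

def offered_suites(client_hello: bytes) -> list:
    body = _hello_body(client_hello, 0x01)
    pos = 35 + body[34]
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher suite list")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def selected_suite(server_hello: bytes) -> int:
    body = _hello_body(server_hello, 0x02)
    return int.from_bytes(body[35 + body[34]:37 + body[34]], "big")

def classify(client_hello: bytes, server_hello: bytes) -> str:
    chosen = selected_suite(server_hello)
    if chosen not in RSA_EXPORT_SUITES:
        return "ok"
    if chosen in offered_suites(client_hello):
        return "export-offered"      # client still offers export RSA, server accepts it
    return "export-not-offered"      # suite the client never offered (protocol violation)

def sample_hello(msg_type: int, suites: list) -> bytes:
    """Constructed input: minimal hello, empty session id, no extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    # ClientHello: length-prefixed list + compression methods; ServerHello: suite + method.
    tail = len(cs).to_bytes(2, "big") + cs + b"\x01\x00" if msg_type == 0x01 else cs + b"\x00"
    body = b"\x03\x03" + bytes(32) + b"\x00" + tail
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(msg).to_bytes(2, "big") + msg
```

Any result other than "ok" means the connection ended up on a 40-bit cipher with a short export RSA key and should be treated as a finding for that app or server.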
The company’s specialists examined about 11 thousand popular Android applications. They found that about 11.2% (1200) of the programs, which together have been downloaded from Google Play 6.3 million times, still retain the FREAK vulnerability. There were half as many unprotected programs for Apple: 771. It is noted that the risk persists even for device owners who have upgraded to iOS version 8.2.
The report says that applications that carry out various financial operations most often become the target of attacks, writes dni.ru. Medical programs and office applications are also of interest to attackers. Cybercriminals may also aim to “steal” a page on the social network VKontakte or on Facebook. It is reported that the creators of mobile apps are already working on the bugs.
FREAK dates back to the 90s and allows attackers to decrypt traffic transmitted within an HTTPS connection. The dedicated site FREAKAttack.com provides statistics on the vulnerability. It is known to exist in Internet Explorer 11 on a fully updated Windows 7 as well, reports oszone.net.
Researchers from France and the United States believe that the vulnerability could have been created deliberately to facilitate the work of US intelligence agencies, for example the NSA. Products based on weaker encryption algorithms were shipped abroad, while the export of more reliable solutions was banned. At the same time, the sites of the NSA and the FBI were also vulnerable.