Saturday, May 24, 2014

Apps on Android can independently take photos – Ferra

Not very good news for Android users: programmer Shimon Sidor has revealed a vulnerability in this operating system that lets applications installed on the device take photos without the owner's knowledge and without any notification. Sidor described how the threat works and also gave some instructions for protecting against it.




It is not difficult to guess that unwanted photos can cause enormous harm to the user. The programmer states that when photos are taken or video is recorded, a notice of some kind has to be displayed on the screen; the process should be in plain sight. Of course, if the user sees that an application is taking pictures, he immediately understands the problem. But what if he does not see it?

Shimon Sidor says that he created an experimental application that does show the user the status of the shooting, but at a size of 1×1 pixel. Believe me, that is very small. Such a tiny on-screen element is all it takes: an attacker can take pictures from your device at any time and, more than that, send the footage to their own server.

Shimon Sidor posted a video demonstrating how the application can continue to shoot with the phone off.

To protect against this type of threat, Sidor offers a simple procedure:

  1. Pay attention to exactly which permissions an application requests during installation (for example, a simple notepad has no need for the camera).
  2. Keep an eye on your Google account and change its password periodically, because attackers who gain access to your account can install applications on the device remotely.
  3. Periodically remove unused applications.
  4. Check what percentage of the battery and how much mobile traffic each program consumes. If any value seems too high, it is time to suspect a malicious application.
  5. Regularly open the menu that lists the applications running in the background and check whether an impostor has slipped in. Again, something like a notepad is not meant to run for long periods.
  6. "Kill" an application not by swiping it away but by going to its page and pressing "Force stop".

Of course, it is impossible to eliminate the threat completely, but these steps offer at least a little protection. Hopefully, Google will take action to fix the discovered vulnerability.
