-The most popular smartphones system Google's Android, make serious vulnerability?
Recently there is vulnerability on Android that researchers from North Carolina State University says that third apps or we can say attacker can make phone call, read your messages, and see your private datas - without asking user permission.
Researchers test this vulnerability with HTC, Samsung, Motorola, and Google turns out with outstanding result. Handsets sold by those manufactures contains code that makes its handsets exposes to untrusted third-party apps. These codes is bypass key security defenses built into Android that require users clearly grant permission before an apps gets access to personal information and functions such as phone call.
"We believe these results demonstrate that capability leaks constitute a tangible security weakness for many Android smartphones in the market today" wrote the researchers on their paper - Network and Distributed System. "Particularly, smart-phones with more pre-loaded apps tend to be more likely to have explicit capability leaks."
With apps the researchers make, called Woodpecker, they test it on eight smarphones from the four vendors. In these tests the researchers figured that the most vulnerable was HTC's EVO 4G devices and the less vulnerable was Googles devices, Nexus One and Nexus S, contain one leak test with : deleting packages.
Finally the researchers wrote on their paper with a worrisome results."Among the 13 privileged
permissions examined so far, 11 were leaked, with individ-ual phones leaking up to eight permissions. These leaked capabilities can be exploited to wipe out the user data, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain the user’s geo-location data on the affected phones – all without asking for any permission.
You can read information abaout these on their papers available in here. With the upgrades of firmware, these threat maybe will be fixed.
Sources :
No comments:
Post a Comment