FireEye: The free εφαρμογές του Android που διατίθενται από το Google Play Store και έχουν πάνω από ένα εκατομμύριο downloads βρέθηκαν να χρησιμοποιούν ευάλωτα κρυπτογραφικά συστήματα για την προστασία των ευαίσθητων πληροφοριών που αποθηκεύουν.
An analysis of the most popular free apps (9.339 apps) available on the official Google Store reveals that about 62% of them, i.e. 5.147, could not properly secure confidential information, which could allow an attacker to steal the “protected” data by exploiting various weak points.
Her researchers FireEye (you can read more on the official website) did the tests on samples that met the popularity criteria mentioned above at 22 November 2014.
Experts looked for vulnerabilities points σε high entropy, αλγόριθμους encryptionand encryption codes.
Most of the productof those found to be cryptographically insecure were with the encryption algorithms. An attacker could leverage use a reverse dictionary to discover the original string, without knowing the keys used for encryption.
The cases of low entropy weaknesses discovered by the security company concerned 1.762 applications that used a static key to encrypt the information that could be extracted to reverse the process.
So beware of what you download, or to be even more confident, of what you store on your devices.
