Η Bluebox Security, a mobile security company, has discovered a very serious security flaw in Android. Vulnerability exists from Android 2.1. This security fake in Fake ID can be used by malware to mimic secure applications without any notice to the user.
Έτσι η δυνατότητα που αποκτάει το malware το κάνει να μπορεί να λειτουργεί σαν να έχει πλήρη έγκριση από τον ιδιοκτήτη , όπως ακριβώς τα προγράμματα υψηλού επιπέδου ασφαλείας. Η Bluebox ισχυρίζεται ότι με το Fake ID “ασφαλείς εφαρμογές χρησιμοποιούνται από το κακόβουλο λογισμικό για να ξεφύγουν από το sandbox και να πραγματοποιούν μία ή περισσότερες κακόβουλες ενέργειες. Π.χ., εισαγωγή Trojan horse σε μια εφαρμογή απομίμηση της Adobe Systems, ή την χορήγηση accessς στο NFC [Neat Field Communication], πληρωμές από το Google Wallet. Η κακόβουλη εφαρμογή μεταμφιεσμένη, θα μπορούσε να αναλάβει τον έλεγχο της διαχείρισης όλης της devices like 3LM ". Ironically, the 3LM is part of an Android business security system.
Bluebox does not exaggerate. This security gap is very important and exists on all versions of Android from 2.1, and then up to the latest KitKat version.
The good news: Google corrected the security gap.
A spokesman for Google said:
"We appreciate Bluebox for responsibly reporting this vulnerability to us. Ή Third-party research is one of the ways to make Android stronger. Following the announcement of this vulnerability, we quickly released a patch which was distributed by the companies we work with and by AOSP [Android Open Source Project]. as well as for AOSP [Android Open Source Project]. Google Play and Apps Verification have also been enhanced with protection on this issue. At this time, we have scanned all the applications on Google Play, as well as those that Google has recently evaluated, and we have not seen any evidence of an attempt to exploit this vulnerability. "
So for now, you're probably safe. To make sure you stay safe, follow these basic steps for Android security.
- Do not visit, and do not download files from suspicious websites. Porn sites are particularly risky.
Do not download programs from third parties. - Look carefully at any program before you install it to make sure it's legal and only asks for the necessary licenses.
- Upgrade if possible to the latest version of Android.
- Χρησιμοποιήστε κάποιο anti-virus υψηλής quality.
