Bluebox Security, a mobile security company, has discovered a very serious security flaw in Android. The vulnerability has existed since Android 2.1. This security flaw, known as Fake ID, can be used by malicious software to impersonate trusted applications without any notification to the user.
The malware thereby gains the ability to act as if it had the owner's full approval, just like high-level security programs. Bluebox claims that with Fake ID “safe applications are used by malware to escape the sandbox and perform one or more malicious actions. For example, introducing a Trojan horse into an application imitating Adobe Systems, or gaining access to NFC [Near Field Communication] payments from Google Wallet. The malicious application disguised as 3LM could take over the management of the entire device.” Ironically, 3LM is part of an Android enterprise security system.
Bluebox is not exaggerating. This security flaw is very serious and exists in all versions of Android from 2.1 up to the latest KitKat version.
The good news: Google has fixed the flaw.
A spokesman for Google said:
“We appreciate Bluebox responsibly reporting this vulnerability to us. Third-party research is one of the ways to make Android stronger. Following the announcement of this vulnerability, we quickly released a patch which was distributed by the companies we work with and by AOSP [Android Open Source Project]. Google Play and Verify Apps have also been enhanced with protection against this issue. At this time, we have scanned all applications in Google Play, as well as those that Google has reviewed recently, and we have seen no evidence of attempted exploitation of this vulnerability.”
So, for now, you are probably safe. To make sure you stay safe, follow these basic Android security steps.
- Do not visit, and do not download files from suspicious websites. Porn sites are particularly risky.
- Do not download programs from third-party sources.
- Look carefully at any program before you install it to make sure it is legitimate and only asks for the permissions it needs.
- Upgrade, if possible, to the latest version of Android.
- Use a high-quality antivirus.