android trojan

Vulnerability in Android 4.3 allows applications to bypass the device lock

android-trojan
In September, Google added it remote locking device in its management , allowing them to lock their phone if it is stolen or lost.

 

 

The mechanism allows the user to bypass the existing device lock system and set a schematic system password for better security.
But recently, the Curesec, a research team  from Germany has discover an interesting vulnerability ( CVE-2013-6271 ) on Android 4.3 which allows a rogue application toto all existing locks on the device that have been activated by its owner.
"There is a bug in "Com.android.settings.ChooseLockGeneric class". This category is used to allow the user to modify the type of mechanism lock that the device should have. ” says the CRT team on the blog post
Android OS has many mechanisms to lock and unlock the device such as PIN, Password, gesture, and even face recognition, though most of them half users do not use them. However, for each change in the password settings, the device asks the user to confirm the previous insurance.
But if a malicious app is installed on the device, it could exploit the flaw to unlock the device without knowing the previous passcode. Attackers can exploit this για να παρακάμψει ορισμένους περιορισμούς to perform unauthorized actions.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

2013androidbloggooglepost

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).