Thursday 12 February 2015

Google Play Leak Makes Possible Automatic Install Apps


A vulnerability in the Google Play Store allows attackers to install apps from automatically from the store on the devices of Android users. The problem is caused by the Google Play support domain no X-Frame-Options (XFO).

A malicious user could then through Cross-Site Scripting (XSS) in a particular part of the Google Play web application, or via Universal XSS (UXSS) remotely install any app from Google Play and start. According to Todd Beardsley security company Rapid7 are many versions of Android 4.3 (Jelly Bean) and previously supplied with browsers that are vulnerable to UXSS.

In addition, there is the possibility that users themselves have installed a vulnerable browsers. Users who want to protect themselves against the problem have therefore advised to use a browser which does not occur frequently UXSS vulnerabilities, such as Google Chrome, Mozilla Firefox or Dolphin Browser. Another solution is not to be logged into a Google account while surfing.

The problem was reported to Google on December 12 last year. However, no mention is made of the vulnerability is fixed.Rapid7 did create a module for Metasploit to demonstrate the vulnerability. Metasploit is a framework for testing the safety of the systems. The now published module combines two vulnerabilities to execute arbitrary code on Android Devices.

First create the module using a UXSS leak in the default Android browser, as well as various other browsers on Android 4.3 and above. In addition, maintains the Google Play web interface no X-Frame-Options and is therefore vulnerable to script injection. The end result is the remote execution of code from Google Play's feature to remotely install apps. An attacker can therefore install and start anywhere in the Play store.

No comments:

Post a Comment