Android Users who install apps outside of Google Play and an old Android version use are vulnerable to a new attack. It was estimated to be half of all Android users, warns security company Palo Alto Networks.The actual number is probably much lower.
Through the vulnerability could allow an attacker to break into the installation of a seemingly safe APK file and replace it with an app of choice, without the user noticing. The security issue is caused by an error in the system service "Package Installer" of Android, allowing attackers unnoticed can get unlimited access rights. During installation let Android Apps see what permissions they need in order to work properly. A Messages app, for example, require access to SMS messages, but not to the GPS location.
The vulnerability gives attackers the ability to deceive users by a false, smaller set to allow access rights to see. In reality, the user, if he chooses to install the app, just give access to all services and data on the device, including personal information and passwords. The problem is present in Android 2.3, 4.0.3-4.0.4, 4.1.x, and 4.2.x and some distributions of 4.3. According to Palo Alto Networks uses about half of Android users one of these versions.
The actual number of users that are at risk is likely to be much lower. The security issue because only occurs at Android apps that are downloaded from third parties and unofficial marketplaces. It does not apply to apps downloaded from Google Play. These files are downloaded namely in a safe environment that can not be modified by an attacker. Owners of Android devices vulnerable therefore be advised to only download apps from Google Play.
No comments:
Post a Comment