Thursday, July 4, 2013

How does Android vulnerability discovered by ... - ALT1040

By Guillermo del Palacio

July 4, 2013, 12:49 PM


Security company Bluebox revealed last night a dangerous vulnerability in Android that could affect 99% of devices running Google's operating system. Although it is a very serious problem, in principle it should not affect the average user, because compromising a device requires installing applications from outside Google Play. Therefore, if you do not download applications that are not in the company's store, there should be no problem. Nor should there be one if you download from trusted sites.

However, this is not sufficient. Common sense is the first line of defense against this and virtually any vulnerability, but an additional security layer is also needed. “The owners of the devices should be especially careful to identify who published the application you want to download,” says Jeff Forristal, CTO of Bluebox, on the company blog.

Forristal did not explain in depth how the Android vulnerability that was discovered works, but said that he will do so during his talk at the Black Hat conference. Even so, he gave considerable detail. He also stated that Google was warned of this flaw in February of this year.

The vulnerability has been present in the operating system since the release of Android 1.6, more than four years ago. Therefore, according to data from Google, it affects virtually all of its devices. In the event of an attack, these devices would be unable to detect changes made to an application by malicious software.

This is due to how security is designed on the platform. All applications have a cryptographic signature that, in principle, prevents the code in an app's APK from being modified without the operating system being aware of it. But the vulnerability Bluebox has discovered allows the code to be changed without affecting the signature, because of “discrepancies in how Android applications are verified and installed”. That is, Android will not notice that the program has been modified.
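Since the flaw means the device's own signature check cannot be relied on to notice a modified package, one independent check is to compare a downloaded APK, entry by entry, against a copy obtained from a trusted source. The following is an added example, not code from the article or from Bluebox; the function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile
from collections import defaultdict


def entry_digests(apk_bytes):
    """Map each entry name to the sorted SHA-256 digests stored under it."""
    digests = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() walks every central-directory record, so a name that
        # occurs more than once contributes more than one digest.
        for info in zf.infolist():
            with zf.open(info) as fh:
                digests[info.filename].append(hashlib.sha256(fh.read()).hexdigest())
    return {name: sorted(values) for name, values in digests.items()}


def compare_apks(reference_bytes, candidate_bytes):
    """Report entries added, removed or changed relative to the trusted copy."""
    ref = entry_digests(reference_bytes)
    cand = entry_digests(candidate_bytes)
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "changed": sorted(n for n in set(ref) & set(cand) if ref[n] != cand[n]),
    }


def build_sample(entries):
    """Constructed sample data: a small in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


BASE = {
    "AndroidManifest.xml": b"<manifest package='com.example.app'/>",
    "classes.dex": b"original code",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
}
REFERENCE = build_sample(BASE)  # copy from the trusted source (constructed)
CANDIDATE = build_sample({**BASE, "classes.dex": b"altered code",
                          "assets/extra.bin": b"\x00\x01"})  # download (constructed)

if __name__ == "__main__":
    print(compare_apks(REFERENCE, CANDIDATE))
```

Any non-empty list in the result means the download is not the package the trusted source distributes, regardless of what the device's installer reports.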

If this happens, an attacker could gain access to all the information stored on the smartphone. But there is more. Given that phones manufactured by others carry a large number of applications with special permissions, an attacker could access all installed applications and thus control the device to the point of being able to make calls, send SMS messages or turn on the camera.

Therefore, the manufacturers themselves are the ones who must develop and release updates to ensure the safety of their users. And this takes time. Google, meanwhile, should investigate the flaw, if it has not already done so, and work with these manufacturers to get a quick response.
