About

All telecom fundamentals on SIP protocol, VOIP, RTP, RTCP knowledge, Technical Youtube Videos, Linux material, Android, SSCA certification information,the sip school videos.

Tuesday, 23 October 2012

185 million Android users vulnerable to man-in-the-middle attacks

185 million Android users vulnerable to man-in-the-middle attacks

android malware
A report by security experts indicates that as many as 185 million Android users around the world may be vulnerable to man-in-the-middle attacks. This means that even as the communications protocol is secure in itself, messages can be intercepted during data exchanges through spoofing of security certificates, and malicious hackers or software can tamper with communications.
Computer scientists from Germany’s Leibniz University of Hannover and Philpps University of Marburg have attempted such attacks, and say they could retrieve sensitive information from an Android smartphone.
We could gather bank account information, payment credentials for PayPal, American Express and others. Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted.
The researchers say other information is also vulnerable, and this can include emails and instant messages.
What’s troubling is that the study even includes one anti-virus app, which was found to have accepted invalid SSL certificates when updating its malware database. This can easily be exploited by a malicious hacker, who can feed his own malicious signatures into the app.
The study has also found a generic online banking application to be vulnerable to man-in-the-middle attacks, as well as a popular cross-platform instant messaging application.
As for solutions, the researchers recommended beefing up security, such as by using security certificate pinning. Thereis also a recommendation for Google to provide warnings when a connection is not encrypted.
SOURCES ARS Technica

 

Reactions:

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

Page Navigation Widget