Wednesday, 2 November 2011

Two Android Vulnerabilities


About a month ago, two Android researchers found two vulnerabilities in the Android OS that Google has yet to address or patch in the latest Android updates. What exactly are these vulnerabilities?
Well, the first bug is called a “permission-escalation vulnerability” and, apparently, it affects all Android users. The exploit allows an app to be installed without the user approving the permissions typically required when installing an app. For instance, say you were to install a seemingly harmless (but infected) app from the Market. A hacker could then use this vulnerability in Android to gain additional, malicious permissions after the install.
The second exploit is known as a “Linux kernel privilege escalation”; it allows an unprivileged application to escalate its privileges and gain full control over a device.
Last year, Jon Oberheide, one of the researchers who discovered these two vulnerabilities, was able to upload an app disguised as an “Angry Birds expansion pack” to the Android Market. Once downloaded, without any user knowledge or input, the expansion pack was able to install three additional apps that monitored a phone’s contacts, location information and text messages. That data could then be transmitted to a remote server.
