Android is one of the hottest target for hackers, not only because that it has the biggest user-base but also has the weakest security. Previously reported security hole includes the ability for hackers to penetrate the APKs, turning legit applications into Malware.
Android has a certain feature called ‘weblogin’ it works by generating a token that can be use to authenticate users on Google websites without putting in their passwords. As per Craig Young, a researcher from Tripwire,
For example, it can provide access to the victim’s documents in Google Drive, emails in Gmail, calendar entries in Google Calendar, Google Web search history or potentially sensitive company data stored in Google Apps, he added. This can also be used to access the Google Play account of the user and install apps on the user’s device or to access third-party websites that is supported by Google Federated Login. Once the weblogin is exploited, it would be easy for hackers to the token without user’s confirmation.
Young created a proof-of-concept rogue app that can steal weblogin tokens and send them back to an attacker who can then use them in a Web browser to impersonate a victim on Google Apps, Gmail, Drive, Calendar, Voice and other Google services. Worst is, most Android antivirus software from known vendors was unable to detect the app as a Malware.
Indeed, very alarming because your hard earned money on getting an Android device will just let put your security into a real danger. This never-ending loopholes will eventually hurt Android in the long run.
Indeed, very alarming because your hard earned money on getting an Android device will just let put your security into a real danger. This never-ending loopholes will eventually hurt Android in the long run.
0 comments:
Post a Comment