Get Latest Nokia Press Release Click Here

Search in Site

Lacks of Android Devices


It’s not something new whenever we heard about Android’s security mess yes, its a same old news over and over again. But hey, its our responsibility to inform the world what’s this new threat all about. Most Android users tend to ignore security threats, but when will they care?

Android is one of the hottest target for hackers, not only because that it has the biggest user-base but also has the weakest security. Previously reported security hole includes the ability for hackers to penetrate the APKs, turning legit applications into Malware.
Android has a certain feature called ‘weblogin’ it works by generating a token that can be use to authenticate users on Google websites without putting in their passwords. As per Craig Young, a researcher from Tripwire,
“Weblogin provides a better user experience but can potentially compromise the privacy and security of personal Google accounts, as well as Google Apps accounts used by businesses.

For example, it can provide access to the victim’s documents in Google Drive, emails in Gmail, calendar entries in Google Calendar, Google Web search history or potentially sensitive company data stored in Google Apps, he added. This can also be used to access the Google Play account of the user and install apps on the user’s device or to access third-party websites that is supported by Google Federated Login. Once the weblogin is exploited, it would be easy for hackers to the token without user’s confirmation.
Young created a proof-of-concept rogue app that can steal weblogin tokens and send them back to an attacker who can then use them in a Web browser to impersonate a victim on Google Apps, Gmail, Drive, Calendar, Voice and other Google services. Worst is, most Android antivirus software from known vendors was unable to detect the app as a Malware.

Indeed, very alarming because your hard earned money on getting an Android device will just let put your security into a real danger. This never-ending loopholes will eventually hurt Android in the long run.

0 comments:

Post a Comment