Friday, August 7, 2015

Explanation Party: Android and security, should we worry? – Bright

Android was a target at the Black Hat hacker conference. A round-up of all the leaks and, above all, what you can do about them.

The leading white-hat hackers gathered this week in Las Vegas. In the heat of the sun – it is about 39 degrees there – the hackers present their findings on several vulnerabilities in current technology. Leaks in processors, software to take over self-driving vehicles: everything is covered.

Android was a major target of the white-hat hackers this year: they brought two major leaks and two less significant vulnerabilities in Google’s system to light. An overview.

Leak 1: Stagefright

A leak in Android's video framework makes it possible for attackers to execute malicious code on a smartphone or tablet. The code is hidden in metadata that the video framework reads automatically, for example when the device receives an MMS or a video via Hangouts. Google has already fixed the latter, and T-Mobile has already decided to temporarily change its MMS system.

The Galaxy S6 and S6 Edge and Google's Nexus devices, among others, have already been updated to close the leak. Many manufacturers of Android devices will be working on distributing updates in the coming period, Android Planet reports. To check whether your Android device is vulnerable, you can use the Stagefright Detector App from Zimperium, the discoverer of the leak.

Following the Stagefright leak, Google, Samsung and LG have said they will distribute monthly security updates for their devices.

Leak 2: Certifi-gate

The second major leak that was discovered, called Certifi-gate, abuses the security certificates used in Android's remote-support functions. Remote support allows manufacturers to provide technical support over the Internet.

To show that the support really comes from the original manufacturer, Android asks for a security certificate. Security firm Check Point, the discoverer of the leak, has found a way to spoof such a security certificate and so give third parties full access to the Android system.

By exploiting Android's remote-support functions, an attacker can see everything the user does on the Android device and take control of it. Moreover, the user does not know that his smartphone has been broken into.

Nexus devices are not affected by the issue. Everyone else can check whether his or her device is vulnerable by installing this app. Manufacturers report that they are working hard to distribute a patch for the vulnerability.

Leak 3: Reboot Bug

The third vulnerability is slightly smaller, but no less annoying. Security firm Trend Micro has discovered that it is possible for attackers to make an Android device reboot endlessly. For this, the user must install a malicious app and then play an equally malicious MKV file from a website. Because of a leak in the media server system, Android then goes into a so-called loop.


The leak in Android's media server system causes the system to become overloaded when the rogue app reads rogue MKV files. As a result, the battery drains very quickly and, in the worst case, the device keeps rebooting. The latter only happens when the rogue app starts automatically when the Android system boots.

Manufacturers have not responded specifically to this leak, but because it is closely linked to Stagefright – which also exploits a vulnerability in Android's media server – it is likely that this vulnerability gets patched as well.

Leak 4: Fingerprint scanner abuse

Security firm Trend Micro has discovered the last leak in Android. The fingerprint scanner is said to be insufficiently secured, making it possible for a malicious app to steal the user’s fingerprint. This happens when the user starts a rogue app and then moves his finger over the fingerprint scanner. The fingerprint scanners of Samsung, HTC and Huawei, among others, are unsafe.


If such a rogue app masquerades as an app for securing your pictures – you can only see your photos with your fingerprint – abuse of this vulnerability can be quite serious. Fortunately, devices with Android 5.0 Lollipop or higher are protected: the vulnerability has already been fixed there.

As the fingerprint becomes more and more important in the coming period – for example for authenticating with a password manager to complete payments – it is crucial that devices with a fingerprint scanner are updated to Lollipop as quickly as possible.

One advantage: most devices with a fingerprint scanner are high-end devices, which have already been updated to Android 5.0. The severity of this vulnerability is therefore limited.

Should you worry?

That depends. Android users with a high-end or relatively new smartphone will probably soon receive one or more patches to fix these vulnerabilities. How quickly this happens is up to the manufacturer. The Galaxy S5 or S6 will logically get the security fixes, but it is doubtful whether this applies to, for example, the Galaxy Core 2. Such a device is no longer important to Samsung and will probably not receive the necessary patches.

The leaks therefore have a big impact: because of Android's fragmentation, many smartphones and tablets remain vulnerable. Manufacturers are far from equipping all their devices with security patches, which makes it easier for attackers to hack a large group of older and low-cost Android devices through a known exploit.

This “fragmentation” is the major drawback of Android, which in 2015 still struggles to keep all those thousands of different devices up to date.
