Thursday, August 6, 2015

Researchers can take complete control of Android phones – NU.nl

The researchers did leak the name given Certify gate, and presented at hacker conference Black Hat .

The vulnerabilities in Android occur at aircraft manufacturers Samsung, LG, ZTE and HTC. The way manufacturers known as remote support features are implemented, makes abuse possible.

Remote support normally makes it possible for companies to provide technical support devices over the internet. But by abusing the security certificates of the manufacturers can according to Check Point also others in this way gain access to Android devices.



No solution

This access could be malicious everything see what users do on their Android device, and take full control. According to the researchers, there is no solution for users to withdraw the certificates that grant them access rights.

Check Point, Samsung, LG, ZTE and HTC made aware of the vulnerability. Who would then began to spread updates to fix the problems. Both Check Point and Google indicate that Nexus devices are not affected by the vulnerability.



Control app

Avi Bashan, head of mobile threat detection at Check Point, told Engadget that the fault lies with the manufacturers of Android devices. They would not have been properly implemented their versions of the support options.

Google says the researchers are grateful for finding and reporting the vulnerability. “The problem they describe refers to changes that make manufacturers and they make updates available to resolve the problems,” said the Android-maker.

Check Point has developed a free app that allows Android users can verify that the vulnerability occurs on their device.

Other big hack

Certify gate follows more than a week after the announcement of Android vulnerability Stage Fright. This leak comes in almost every version of Android before, and also makes acquisition of the entire device.

When the leak uses a vulnerability in the video of Android. Attackers can hide code in a video, which thanks to applications like Whatsapp or MMS but also Hangouts is automatically saved. Then the code undetected run.

Samsung has already adapted its security policy in response to the leak. The popular Android manufacturer promises are appliances now provide new monthly security updates

. <- block |? article link start ->

By: NU.nl

LikeTweet
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)