Mobile Software News. Read the latest stories about software from Mobile Industry Today.
Thursday, November 22, 2012
SMS-Phishing - a new vulnerability Android-devices
Recently the uncovered problem with the drains privileges in the Android operating system allows applications to access the phone features that they are not allowed.
Recall, a group of researchers from North Carolina State University reported the discovery of a particular method, as any application can gain access to the WRITE_SMS, that is, the device can simulate the arrival of the free text SMS from any number. A similar function is extremely useful for attacks like SMiShing (SMS-phishing). Attackers can send fake SMS to the user from a trusted numbers containing a malicious link.
"Vulnerability in Android, allowing to simulate the arrival of SMS from any number, is especially dangerous because of recent events clearly show that a combination of social engineering by using malicious software can deceive a substantial number of people and get them to do what is beneficial attackers - says experts eScan in Russia and the CIS. - The situation is aggravated by the fact that almost all Android-devices have a constant connection to the Internet, which may contribute to the rapid rise of a possible avalanche of the epidemic. "
"Well, that vulnerability was discovered by researchers, not related to cybercrime. Certainly, to be released update, closing the vulnerability - the expert continues eScan, - but in the case of such a fragmented system (Android) it's safe to say that not all of the devices in a timely manner will receive a patch, because there are so many device manufacturers, which generally do not update firmware, or do so very rarely. "
Experts are sure this vulnerability will soon be exploited, and the "at risk" will get at least half of the existing Android-devices. All that remains to users - be careful about the information (especially the links) in the SMS-messages - no matter who they are received.
Each customer will receive up to 67% discount on purchases security software: Click Here
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment