Android phones are now becoming the most in-demand devices in the world of gadgets. Almost every phone user today wants to get their hands on the newest phone with the latest Android app development. We cannot blame these people, as using an Android phone will surely make you “belong” to the arena of hi-tech mobile phones.
However, it is said that a lot of Android applications coming onto the market have revealed a new vulnerability. A report has claimed that these Android applications can divulge personal information, thereby exposing the user to security hazards.
The Research on the Vulnerability of Android Apps
Research conducted at Philipps University of Marburg and Leibniz University of Hannover examined 13,500 applications. The study found that about 1000 apps were not secure. The phones used for testing ran Android 4.0.
These apps are not capable of protecting social network login information or even bank accounts. The apps, which are available on the Google Play Store, rely on standard encryption systems. As implemented, the apps are open to attacks that expose the information transmitted between a website and the apps.
During the study, the research team set up a bogus Wi-Fi hotspot and used a specially made attack device to watch the information that the apps transmitted over it. In this way, if an Android device is connected to a vulnerable network such as a Wi-Fi hotspot, an attacker can possibly find out the security protocols used by the apps and obtain the information they exchange.
The researchers reveal that they could obtain bank account data and payment account details for American Express, PayPal, Diners Club, etc. Email and cloud storage information, as well as Facebook, Twitter, Yahoo! and Google accounts and messages, were also disclosed. The researchers added that the problems lie with the vulnerability of the TLS and SSL protocols, which together form the basis for practically all encryption between users and websites.
The researchers downloaded over 13,000 free applications from the Google Play Store and tested whether their SSL implementations were vulnerable to "man-in-the-middle" (MITM) exploits. The results revealed that 1,074 apps, or about 8% of the downloaded apps, have SSL-specific code that accepts the certificates or hostnames for the certificate and are therefore likely susceptible to MITM exploits.
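SSL-specific code of the kind described above can be flagged by static inspection of an app's source. The following is an added example, not code from the study or from this article: a small Python check that flags Java source in which the certificate or hostname check has been overridden to accept everything. The rule names, the `audit` function and the Java samples are constructed for illustration.

```python
import re

# Constructed Java samples for illustration (not taken from any real app).
PERMISSIVE = '''
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a) {}
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
class AnyHost implements HostnameVerifier {
    public boolean verify(String host, SSLSession s) { return true; }
}
'''
DEFAULTS = '''
class Client {
    HttpsURLConnection open(URL u) throws IOException {
        // Platform default TrustManager and HostnameVerifier stay in place.
        return (HttpsURLConnection) u.openConnection();
    }
}
'''

# Each rule matches one way of switching off a TLS check in Java code.
RULES = {
    "trust-all TrustManager": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{\s*\}"),
    "accept-all HostnameVerifier": re.compile(
        r"boolean\s+verify\s*\([^)]*\)\s*\{\s*return\s+true\s*;\s*\}"),
    "allow-all verifier constant": re.compile(
        r"ALLOW_ALL_HOSTNAME_VERIFIER|AllowAllHostnameVerifier"),
}

def strip_comments(src):
    # Naive removal: a method body holding only a comment is still empty.
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def audit(java_source):
    """Return the sorted names of the rules that match the source."""
    code = strip_comments(java_source)
    return sorted(name for name, rx in RULES.items() if rx.search(code))

if __name__ == "__main__":
    for label, src in (("permissive", PERMISSIVE), ("defaults", DEFAULTS)):
        print(label, audit(src))
```

A match marks code for manual review rather than proving the app is exploitable, which fits the gap the article reports between apps flagged and apps confirmed vulnerable.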
What Are These Vulnerable Apps?
Out of the 1,074 potentially vulnerable apps, the research team chose 100, and of those 41 were found to be vulnerable. Some of these apps are the following:
• A very popular cross-platform messaging service with an install base of up to 50 million users exposed phone numbers from the address book.
• A client application for a popular Web 2.0 site with around 1 million users, which appears to be provided by a third-party developer, disclosed Facebook and Google information when logging in to these sites.
• An antivirus application accepted invalid certificates when authenticating the connection that delivers new malware signatures. By abusing that trust, the team of researchers was able to feed the app their own malicious signature.
• An application with an install base of up to 5 million users, promoted as an easy and safe means to upload and download cloud-based information, revealed login information. The leak was the result of the “broken SSL channel.”
Author Bio:
Mason Brown is marketing lead at Arcapps.com, which provides quality Mobile app development using advanced technologies. It is my passion to write on technology subjects, because this is the age of technology revolution.