Android is definitely in a bad way. The safety of the mobile operating system from Google is again in the eye of the cyclone. Check Point Software Technologies – a specialist in Internet security and networks – has pinpointed a new vulnerability that the company presented at the Black Hat conference in Las Vegas that is taking place
Named “Certifi-gate”, this flaw comes from the remote support applications, allowing to have privileged access to relevant smartphone for example, help users when they have a problem with their device .
Very often pre-installed on devices by manufacturers of smartphones, these applications are particularly vulnerable because very few secure, Check Point reports. Result, hackers have here an opening to get their hands on the device and steal personal data, locate the hacked smartphone, and even record conversations by activating the microphone.
“Android has no way to revoke the certificates which provide the preferred permissions. No fix, the models are exposed in their first use” Check Point continues on his blog and added that large groups of devices such as LG, Samsung or HTC are potentially vulnerable. Without specifying exactly which models.
The previous MMS
This announcement comes as the end of July, the Zimperium computer company maintained a simple MMS could afford to take control of a smartphone running Android. “The attackers only need your phone number, and using it can run programs remotely via a specially crafted file for it and delivered by MMS” décortiquait Zimperium on his blog.
Translation, a text message including multimedia content such as video, may be sufficient. A flaw that could potentially involve no less than 950 million devices, according Zimperium.
Update Android
In both cases, the vulnerability can not be hampered with a update of Android, a process that takes time. The reason ? It’s not Google that controls the updates to its mobile operating system, but the smartphone manufacturers and even the telephone operators.
What has started Google with its Nexus range by announcing very quickly a security update. As Samsung. Moreover, HTC would also have begun to deploy a patch, according to Forbes. With this new flaw revealed by Check Point, the update program manufacturers may, however, be heavier than expected.
Les Echos
No comments:
Post a Comment