Welcome, Guest. Please login or register.
Did you miss your activation email?
Fri 15 December, 2017 - 11:57 am
Home Help Login Register Chat Personal Messages Logout
News: The Rules - updated 23/01/2012


+  Last Post
|-+  General Category
| |-+  The Lab (Moderator: Stu)
| | |-+  Android hiccup
0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Android hiccup  (Read 590 times)
Mr Nice Guy
Supreme Loser
******

Karma: 275
Offline Offline

Posts: 23,473



« on: Thu 27 September, 2012 - 08:32 am »

http://i.stuff.co.nz/technology/gadgets/7732438/Security-risk-for-millions-of-Android-users


Quote
A serious security flaw has been discovered on Android smartphones which allows hackers to remotely wipe them just by sending an SMS or getting a user to visit a URL.

The security flaw was exposed at the Ekoparty security conference in Argentina overnight by Ravi Borgaonkar (click here for Youtube video of the demonstration), a researcher with the telecommunications department at the Technical University of Berlin, and Fairfax Media has confirmed it affects many Australian phones.

An Australian security expert, Paul Ducklin, from the security firm Sophos, said the flaw served as a "wake up call" to users who didn't back up their smartphones.

"This just emphasises the importance of regular and current back-ups doesn't it?" he said. "Whether you do them into the cloud ... or to a USB drive."

Dylan Reeve, who works as a TV editor in New Zealand and has worked in IT in the past, said millions of Android devices would be affected by the flaw and recommended users running Android devices check whether they were affected by using a test website he has designed.

The website does not run the code to reset a smartphone to its factory default settings but instead runs code to see whether the phone will automatically display its International Mobile Equipment Identity number, Reeve said.

This, Reeve said, allowed a user to find out if the factory reset code could be run too without intervention. If a user was vulnerable, Reeve recommended they download a new dialler to their phone that was not vulnerable to the attack Borgaonkar had discovered.

A dialler Reeve recommended on the Google Play store was "Dialler One". An app called TelStop has also been created specifically to catch the wipe code.


Logged
Mr Nice Guy
Supreme Loser
******

Karma: 275
Offline Offline

Posts: 23,473



« Reply #1 on: Wed 24 October, 2012 - 08:09 am »

http://i.stuff.co.nz/technology/digital-living/7852719/Android-apps-leaking-personal-banking-details


Quote
Millions of people around the world are using "vulnerable" Android apps that are leaking personal data, including bank account information and webcam access, new research says.

The study tested the 13,500 most popular free apps from the Google Play Store and found that 1074 - almost 8 per cent - used incorrect or inadequate coding.

Researchers at the Leibniz University of Hannover and the Philipps University of Marburg, both in Germany, tried to hack a sample of 100 of the vulnerable apps. They were able to exploit 41, of which there are at least 39.5 million users worldwide, according to the Google Play Store.

"We could gather bank account information, payment credentials for PayPal, American Express and others," says the study.

"Facebook, email and Cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted."

The researchers created a fake Wi-Fi hot spot and mounted an attack that spied on data sent and received by the apps. They were able to capture log-in details for online banking, social media, email services and corporate networks - and even disable security software.

All very bad news but why aren't there vast amounts of personal stories of people being hacked 
Logged
Pages: [1] Go Up Print 
Jump to:  


Login with username, password and session length


Powered by SMF 1.1.19 | SMF © 2013, Simple Machines
All Content © 2007 The Last Post all rights reserved
Page created in 0.104 seconds with 20 queries.