![]() ![]() ![]() For starters, Apple disclosed on Sunday that intruders had hacked into its developer Web site, and may have made off with the names, mailing address and/or email addresses of its app developers. ![]() Mobile users who rely on Apple’s iOS to keep them safe from malicious apps may be feeling safe by comparison, but two other recent developments could have security implications for iOS users. Forristal added that more details on the flaw will be released next week at the Black Hat security conference in Las Vegas.Īn unofficial patch for this vulnerability is available now for those Android users who are using a rooted device, See this announcement from Duo Security about that fix. “The availability of these updates will widely vary depending upon the manufacturer and model in question,” BlueBox’s Jeff Forristal wrote in a blog post announcing their research. BlueBox said that it privately shared the details of the bug with Google in February 2013, but that it’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates). Android uses these signatures to determine if an app is legitimate and to verify that an app hasn’t been tampered with or modified.Īccording to BlueBox, the bug affects any Android device released in the last four years - nearly 900 million devices. As first outlined roughly two weeks ago by researchers at BlueBox Security, the so-called “Master Key” vulnerability could let attackers convert almost any Android application into a Trojan, all without altering its cryptographic digital signature. Perhaps more worryingly, Symantec said this week that it had discovered two malicious Android apps in the wild that take advantage of a newly discovered and potentially quite serious security hole in Android applications. The company said while it has detected only a few hundred AndroRAT infections worldwide, but that it expects that number increase as more tools for AndroRAT like the APK binder emerge. “For example, when running on a device, AndroRAT can monitor and make phone calls and SMS messages, get the device’s GPS coordinates, activate and use the camera and microphone and access files stored on the device.” “Like other RATs, it allows a remote attacker to control the infected device using a user friendly control panel,” Symantec’s Andrea Lelli wrote. Symantec notes that the point-and-click Androrat APK Binder is being used in conjunction with an open-source remote access Trojan for Android devices called called AndroRAT. Binders have been around in a variety of flavors for many years, but they typically are used to backdoor Microsoft Windows applications. Last week, Symantec warned about a new malware toolkit or “binder” designed to Trojanize legitimate Android apps with a backdoor that lets miscreants access infected mobile devices remotely. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |