Wednesday, 8 February, 2023
IT Security Guru

70 per cent of Android phones vulnerable to 2012 flaw

by The Gurus
February 18, 2014
in Editor's News

A method to control 70 per cent of Android devices has been revealed.
 
According to Rapid7 security researcher Joe Vennix, a browser exploit can control Android devices via a Web page or app. He claimed that this “gives the attacker the keys to your mobile device” and affects anyone using any Android version before 4.2.1, which is apparently about 70 per cent of Android devices.
 
It works by exploiting a vulnerability that was publicly disclosed in December 2012. The initial attack vector was JavaScript injection into a WebView in a third-party app, which required the attacker to already have a man-in-the-middle position on the target. However, this new exploit allows the attack to be carried out remotely and gives the attacker remote control of the device.
 
“Depending on the permissions granted to the exploited application, potentially you can: read SD card contents, read GPS info, steal address book and access camera/mic,” he said.
 
Vennix said that one of the problems is the difficulty of updating Android, as OS updates are often controlled by the carrier and are different for each device type. Even though the flaw was disclosed in December 2012 and was patched in July 2013, he said that this “highlights the bigger issue of the challenge of updating Android devices, as users in many cases can’t update their OS. Even if they do, they also need to update their apps, and then there’s the additional software their carrier or device manufacturer forces them to have.”
 
“It’s kind of a mess, and I personally think Google is basically standing in the spot MSFT was before it built the Trusted Computing team and started Patch Tuesday – it needs to figure out how it’s going to tackle this whole updating thing across the ecosystem; and it needs to do it fast. You already know I have this big concern that this situation is only going to get worse as we see more Internet of Things devices standardising on Android,” he said.
 
“This is vulnerable – tested and proven by Metasploit contributor, Tim Wright. So basically users need to update all their apps as well, and unfortunately, there’s no way to tell if your apps are vulnerable or not.”
 
According to The Hacker News, Google will be forced to provide the latest version of Android (version 4.4 KitKat) in new handsets under its new policy. In a leaked memo, Google said: “Starting February 2014, Google will no longer approve GMS distribution of new Android products that ship older platform releases. Each platform release will have a GMS approval window that typically closes nine months after the next Android platform release is publicly available.”
