Roughly half of all Android handsets are vulnerable to a newly discovered hack that, in some cases, allows attackers to surreptitiously modify or replace seemingly benign apps with malicious ones that steal passwords and other sensitive data.
The "Android Installer Hijacking" vulnerability, as it has been dubbed by researchers from Palo Alto Networks, works only when apps are being downloaded from third-party app stores or when a user clicks on an app promotion advertisement hosted by a mobile advertisement library. Technically, it is based on what is known as a time-of-check to time-of-use (TOCTOU) vulnerability. Affected devices fail to verify that the app being installed at the time of use is the one the end user approved during the time of check, which occurs when a user approves app permissions such as network access or access to the contacts database. The distinction between app sources matters because Google Play downloads to a protected, app-private location, whereas third-party stores and ad libraries commonly write the APK to world-writable storage such as the SD card, where another app on the device can alter it while the permission dialog is still open.
The bug involves the way the system application called PackageInstaller installs app files known as APKs.
"A vulnerability exists in this process because, while the user is reviewing this information, the attacker can modify or replace the package in the background," Palo Alto Networks researcher Zhi Xu wrote in a blog post published Tuesday. "Verified with Android OS source code posted in AOSP [Android Open Source Project], it shows that the PackageInstaller on affected versions does not verify the APK file at the 'time of use'. Thus, in the 'time of use' (i.e., after clicking the 'install' button), the PackageInstaller can actually install a different app with an entirely different set of permissions."
One scenario for exploiting the vulnerability involves an attacker using a benign-looking app to install malware in the future.
A second scenario uses the same weakness to mask the true permissions an app requires. In both cases, targeted users can end up installing apps that are vastly different from the ones they approved during the permissions process.
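To make the time-of-check/time-of-use gap concrete, here is an added Python model of the two scenarios above. It is not code from the Palo Alto Networks post or from AOSP. An "APK" is stood in for by a text file listing declared permissions, /sdcard by a temporary directory, and the attacker by a callback that runs while the permission dialog is open. The hardened variant (stage the file in a directory the attacker cannot write, show permissions from that copy, and re-hash it before install) illustrates the class of fix, not the actual AOSP patch.

```python
"""Model of the PackageInstaller TOCTOU flaw (added example, not AOSP code)."""
import hashlib
import os
import shutil
import tempfile

# Constructed stand-ins for APK manifests: one declared permission per line.
BENIGN_APK = "android.permission.INTERNET\n"
MALICIOUS_APK = (
    "android.permission.INTERNET\n"
    "android.permission.READ_CONTACTS\n"
    "android.permission.READ_SMS\n"
)


def parse_permissions(apk_path):
    """Stand-in for AndroidManifest parsing: one permission per non-empty line."""
    with open(apk_path, encoding="utf-8") as f:
        return [line.strip() for line in f if line.strip()]


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def vulnerable_install(apk_path, attacker=None):
    """Affected-version behaviour: parse the file once to build the permission
    dialog, then read the same world-writable path again to install, with no
    check that it is still the file the user approved."""
    shown = parse_permissions(apk_path)            # time of check
    if attacker:
        attacker(apk_path)                         # runs while the dialog is open
    installed = parse_permissions(apk_path)        # time of use
    return shown, installed


def hardened_install(apk_path, attacker=None):
    """Hypothetical fix: copy the APK into a directory only the installer can
    write, show the permissions of that copy, and re-verify its hash at time of use."""
    private_dir = tempfile.mkdtemp(prefix="pkginstaller-")
    staged = os.path.join(private_dir, "staged.apk")
    shutil.copyfile(apk_path, staged)
    expected = sha256_of(staged)
    shown = parse_permissions(staged)              # time of check, from the private copy
    if attacker:
        attacker(staged)
    if sha256_of(staged) != expected:              # time of use: detect any change
        raise RuntimeError("staged APK changed after the user approved it")
    installed = parse_permissions(staged)
    return shown, installed


def demo():
    """Run three scenarios and return their outcomes keyed by name."""
    sdcard = tempfile.mkdtemp(prefix="sdcard-")    # models the world-writable /sdcard
    public_apk = os.path.join(sdcard, "game.apk")

    def write(path, contents):
        with open(path, "w", encoding="utf-8") as f:
            f.write(contents)

    def attacker_public_only(_path_installer_uses):
        # Realistic attacker: can write /sdcard but not the installer's private dir.
        write(public_apk, MALICIOUS_APK)

    def attacker_anywhere(path_installer_uses):
        # Stronger attacker, to show that the hash check is what catches the swap.
        write(path_installer_uses, MALICIOUS_APK)

    results = {}
    write(public_apk, BENIGN_APK)
    results["vulnerable"] = vulnerable_install(public_apk, attacker_public_only)

    write(public_apk, BENIGN_APK)
    results["hardened_public_only"] = hardened_install(public_apk, attacker_public_only)

    write(public_apk, BENIGN_APK)
    try:
        hardened_install(public_apk, attacker_anywhere)
        results["hardened_tampered"] = "installed"
    except RuntimeError:
        results["hardened_tampered"] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In the first scenario the user approves INTERNET and gets an app that also reads contacts and SMS, which is the permission-masking case; the same swap with a wholly different package is the delayed-malware case. The staged copy removes the attacker's write access to the file the installer will use, and the hash comparison is the explicit time-of-use verification the affected versions lacked.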
The vulnerability has been patched in Android version 4.3_r0.9 and later, but Xu warned that some Android 4.3 devices remain vulnerable, because a device's version string alone does not tell you whether its vendor build carries the fix. By Google's estimates, that accounts for 49.9% of the handsets the company monitors. Palo Alto Networks has released a scanner app that will indicate whether a given device is vulnerable. Since the fix ships only with vendor firmware updates, people using vulnerable devices should steer clear of third-party app stores and use Google Play as their sole source of apps.
Info sources:
http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware
https://developer.android.com/about/dashboards/index.html
http://play.google.com/store/apps/details?id=com.paloaltonetworks.ctd.ihscanner
Friday, 3 April 2015
Android Hijacking Bug May Allow Attackers to Install Password-Stealers
22:29