- Fukushima Report: Robot Lifts Melted Fuel
- TÜV, Nozomi Ink Partnership Pact
- Pangea Patches Bypass Vulnerability
- Fuji Fixes FRENIC Devices
- ARC: Safety and Profitability Work Together
- Public Needs to Know About Chem Releases: Judge
- Robot Testing Radioactive Fuel at Fukushima
- Siemens Fixes CP1604, CP1616 Holes
- Siemens has Upgrade for Intel AMT
- Siemens Fixes Hole in SIMATIC S7-300 CPU
- Siemens has Licensing Software Fix for SICAM 230
- Siemens Fixes Ethernet Communication Module, Relays
- OSIsoft has Update for PI Vision Hole
- First Responders Test Technology
- Manufacturing Targeted in Hack Attack
- Siemens Fixes SICAM A8000 RTU Series Hole
Chemical Safety Incidents
Smartphone Users: Malicious Apps Abound
Friday, December 30, 2011 @ 02:12 PM gHale
There is a malicious mobile application that requires a phone user to grant no permissions during installation, but could give remote attackers the ability to install and execute malicious code on mobile devices running the Android operating system.
The “No-permission Android App Remote Shell” does not take advantage of a security hole in Google’s Android. Rather, it exploits legitimate functionality known for a number of years, said researchers at security firm Viaforensics.
RELATED STORIES
Data Treasure on Old Smartphones
Looking for a SSL Fix
Targeted Attacks on Rise
Compromise: When to Revoke Certificates
The application provides access to a wide range of device features, allowing ViaForensics researchers to extract data about the device, control the application, read data from the SD Card and potentially download other applications or exploits. Upon installation, once the device locks, it connects to ViaForensics’s control server.
“We are using Android the way it was designed to work, but in a clever way in order to establish a two-way communication channel,” said ViaForensics Director of Research and Development Thomas Cannon.
Android’s open nature and its built-in multi-tasking capabilities are the platform’s downfall in this instance, Cannon said.
ViaForensics said security on the Android platform relies, in part, upon the assumption that third party application developers are on the level.
With smartphones becoming more popular as a work tool, other researchers raised similar arguments about the need for more security on the Android platform.
The Viaforensics application works on Android versions from 1.5 to 4.0 Ice Cream Sandwich, which is the code name for the newest Android update.
ViaForensics decided not to place their remote shell app on the Official Android Market and will not release the full technical details of the exploit.
Leave a Reply
You must be logged in to post a comment.