Monday, 30 June 2014

Are you a VULNERABLE USER ?

Posted By: Unknown - 6/30/2014 09:40:00 pm

Share

& Comment




Android users, beware: 86 percent of Google OS-based devices may contain a high-risk vulnerability.

According to June 4 data from Google, about 13.6 percent of Android devices are on 4.4 KitKat, while 10.3 percent are running version 4.3. Most (29 percent) are running 4.1.x, while 19 percent are on 4.2.x.

IBM security researchers uncovered the bug in September, quietly warning the Android Security Team, which two months later confirmed a patch for 4.4 KitKat. But the remaining Android versions do not yet have a fix, leaving them exposed to hackers.


In last week's public reveal, the IBM team explained that the vulnerability lies in the Android KeyStore, where cryptographic keys and other credentials are stored. By exploiting the flaw, hackers can obtain banking and virtual private network credentials, PINs, and unlock patterns.


This isn't exactly an open door to attackers, though. According to IBM application security research team lead Roee Hay, Google has several barriers in place to slow, if not stop, hackers from successfully exploiting the vulnerability.


With built-in data execution prevention and address space layout randomization, the Android operating system isn't a pushover. Plus, as Ars Technica pointed out, an attacker would need to have an app installed on a vulnerable handset to infiltrate user information.


But that doesn't soften the blow: the weakness resides in KeyStore, which is one of the most sensitive resources in the OS, according to Ars.


Applications that require a password to be retyped each time—banking services, for example—are at lower risk than more easily compromised apps, like Twitter, Wallach said. Similarly, users should keep an eye on those apps that load VPN credentials onto their phone, which essentially hand hackers a key to bypass the firewall.


This isn't the only security issue for Android owners. Despite multiple patches to its top products, Google admitted in April that Android 4.1.1 is still vulnerable to the Heartbleed bug, leaving about 34 percent of users exposed.


Don't go ditching your Google-based device for a more secure iOS smartphone, though: Apple's system isn't exactly foolproof.

About TrendsPub

Trends Pub is an online Publication that complies Bizarre, Odd, Strange, Out of box facts about the stuff going around in the world which you may find hard to believe and understand. The Main Purpose of this site is to bring reality with a taste of entertainment

0 comments:

Post a Comment

Copyright © 2013 Trends Pub™ is a registered trademark.

Designed by Templateism. Hosted on Blogger Platform.