The vulnerability allows an attacker to insert between users and the sites they visit, but the risks for the general public is limited. That’s why
Let us get used : vulnerability within Android there are already numerous, and will continue to be discovered. It would be illogical for the most widely used mobile operating system in the world will not attracted the unwanted attention of malicious hackers – thousands of eyes to scrutinize the source code to find a flaw. The latest unearthed in time lies in the kernel Linux from which descends Android: it is a bug that affects smartphones and tablets with installed versions by Android 4.4 (Kitkat) up .
Through this vulnerability becomes possible for a malicious user fit inside a connection between a user and any service, website or messaging platform latter is trying to achieve, terminandone the connection.
not only that: if the link between the two entities is not subject to encryption, the attacker has the opportunity to inject arbitrary code in the connection. The scenarios of exploitation of a vulnerability like this are numerous: for example, an attacker can intercept the attempt to connect a user to a particular website, pose as the site in question and present the above a fake screen authentication for groped to extort user name and password of your account.
the prospect is worrying: Android devices afflicted by the problem could be up to 80% of the total, about 1.4 billion. But fortunately for the actual harm to the general public it is limited, since such an attack is brought to score following criteria make subsequent trawling . You must first take aim at a single user, knowing the sites you connect to routinely intercept and connect to one of these, hoping that communications are carried out in light; without knowing the two ends of the link, in fact, it is impossible to integrate into. there’s more: at this point it is necessary to recreate a copy of the authentic fake page, through which to request the login information to the user unaware.
The risk, however, remains high for entities placed carefully in the middle viewfinder by organizations, governments, stalkers or criminals who know what they are looking for. The solution for them is to enable encryption for sites and serviziche support it and hide its sensitive activities behind a VPN while waiting for the flaw to be settled by Google and smartphone makers through updated.
-> Follow
No comments:
Post a Comment