Major security flaw discovered in Android

April 16th, 2014 at 10:36 AM
Android Phishing Apps Security Flaw

Security firm FireEye has discovered a major security flaw in Google’s mobile operating system, ComputerWorld reports. The flaw could allow an attacker to modify the behavior of an app icon in the launcher so that it sends users to a malicious site that would collect personal data. It’s not clear whether any apps in the Google Play Store, or anywhere else, have already used this particular security issue to steal data from users. Google has apparently acknowledged the problem and already released a patch to OEM partners, though it will be a while until the fix hits affected Android devices.

“Many Android vendors were slow to adapt security upgrades. We urge these vendors to patch vulnerabilities more quickly to protect their users,” the company wrote.

For the purpose of demonstrating the flaw, FireEye published its Android app in the Play Store, proving that Google’s filters won’t prevent such phishing apps from being brought to the app store. Once installed on a device, the application would then be able to covertly take over the icon of certain apps – such as mobile banking applications – and send users to malicious websites that would then trick them into entering their personal details.

The app apparently uses “normal” app permissions, with FireEye having demoed its proof-of-concept attack on a Nexus 7 running Android 4.4.2. The company also said that apps with this phishing feature could work on many other devices, including smartphones and tablets that don’t use the “Launcher” functionality in AOSP – the company tested a Galaxy S4 running Android 4.3, an HTC One on Android 4.4.2 and a Nexus 7 running CyanogenMod 11, coming up with the same results.

Recently, Google issued an update to its ‘Verify apps’ security feature to better monitor app behavior on a smartphone. Before that, it was discovered that legit Google Play Store apps were able to covertly turn millions of devices into miners for digital currency.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.
