Researchers at the University of North Carolina School of Computer Science discovered a source code vulnerability in the Android Open Source Project that allows an attacker to create an application that can access personal data on the device without permission.
The video below shows a malicious demo application that a user has downloaded from the Internet and installed on a smartphone running Android 4.1. As you can see, the application does not request any permissions from the user, and in that sense it looks absolutely safe. Then the application is used to send an SMS, in response to which a message is received from a number that is in the user's contact list.
Thus, an attacker can send an SMS from a “legitimate” number to an infected device. The message may contain, for example, a request to perform a financial transaction, a request to give a password to the “bank security service”, or a request to call back a premium-rate number.
Google acknowledged the problem, which affects all versions of Android. Moreover, according to the researchers, the company responded to the report in literally 10 minutes, within two days the problem was confirmed by the search giant's engineers, and the fix will be included in future Android releases.