Design flaw in Android could allow for malware to mimic legitimate apps

Design flaw in Android could allow for malware to mimic legitimate apps
Convinced that your smartphone is immune to malware? Well, as long as you don't download any apps coming from suspicious sources, then you are virtually safe, but the thing is that every single mobile platform has its own security flaws exposing your privacy at risk.

The latest vulnerability that was brought to our attention targets Android users, and although it has not caused any damage yet, it has the potential to give you quite a headache. It has been discovered that “a design flaw” in the Android operating system could allow for unwanted pop-ups to appear whenever a set application is running thus defiling your smartphone with annoying pop-ups. However, if executed properly, the flaw could potentially be used for phishing attacks to be targeted at your device.

In a nutshell, when the malware detects that your banking app or e-mail client, for example, is running, it can launch an identically-looking pop-up app asking for your credentials. What makes things worse is that the execution of the pop-up app can happen so fast that the user would probably never realize what has happened until it is too late. The malware could even install itself as a service and run seamlessly in the background even after the phone is rebooted.

There have been no registered cases of the so-called design flaw being used in a malicious way, but a proof-of-concept application has been demonstrated just recently at the DefCon hacking convention. That is why we have said it before and we will say it again - you should always be extra careful when downloading apps from any shady-looking software marketplaces as you never know what might be coming along with them.

source: CNET

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless