Google addresses security flaw that allows malicious apps to lead you into phishing sites

Google has rolled out an Android security patch to its OEM partners to fix a security hole that purportedly allowed a certain mischievous app to guide users to phishing websites and steal their private data. Initially discovered by FireEye, a network security company, the flaw enabled third-party applications to use certain Android permissions – "com.android.launcher.permission.READ_SETTINGS" and "com.android.launcher.permission.WRITE_SETTINGS" – to change the icons and configuration settings of the Android launcher. The flaw affects all versions of Android up to 4.4.2.

Interestingly, Google regarded both of these permissions as "normal", which means that they are granted to apps automatically and users are not required to approve them. Users were also not notified that these permissions had been granted, which allowed wrongdoers to benefit from this flaw. The malicious app changed a certain icon in order to attract users' attention and make them tap it, which led them to phishing websites that collected their sensitive information.
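A defender-side check for the two permissions named above, as an added example that is not part of the original article: it audits AndroidManifest.xml files already decoded to text XML and flags apps that request the launcher permissions without being home-screen apps. The sample manifests, package names, verdict labels and the HOME-category heuristic are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted APKs, prefer defusedxml

ANDROID = "{http://schemas.android.com/apk/res/android}"
READ = "com.android.launcher.permission.READ_SETTINGS"
WRITE = "com.android.launcher.permission.WRITE_SETTINGS"
HOME = "android.intent.category.HOME"

def audit_manifest(manifest_xml):
    """Audit one AndroidManifest.xml that was already decoded to text XML."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(ANDROID + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for el in root.iter(tag)}
    hits = sorted(requested & {READ, WRITE})
    # Heuristic assumed by this example: an app with a HOME-category activity
    # is itself a launcher and may plausibly touch launcher settings; any
    # other app requesting these permissions is queued for manual review.
    is_launcher = any(c.get(ANDROID + "name") == HOME
                      for c in root.iter("category"))
    if not hits:
        verdict = "ok"
    elif is_launcher:
        verdict = "expected"
    elif WRITE in hits:
        verdict = "review-write"   # could alter home-screen icons and config
    else:
        verdict = "review-read"    # could read the home-screen layout
    return {"package": root.get("package"), "launcher_perms": hits,
            "verdict": verdict}

def sample_manifest(package, perms, category):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="{package}">{uses}<application><activity android:name=".Main">'
            f'<intent-filter><action android:name="android.intent.action.MAIN"/>'
            f'<category android:name="{category}"/></intent-filter></activity>'
            f'</application></manifest>')

LAUNCHER_CAT = "android.intent.category.LAUNCHER"
SAMPLES = [  # constructed inputs
    sample_manifest("com.example.flashlight",
                    ["android.permission.INTERNET", READ, WRITE], LAUNCHER_CAT),
    sample_manifest("com.example.home", [READ, WRITE], HOME),
    sample_manifest("com.example.wallpaper", [READ], LAUNCHER_CAT),
    sample_manifest("com.example.notes", [], LAUNCHER_CAT),
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(audit_manifest(text))
```

APK manifests ship as binary XML, so they need decoding (for example with apktool) before this parser can read them.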

FireEye discovered this security hole and the app that takes advantage of it back in October 2013. In February, Google revealed that it had prepared a hotfix and just recently rolled it out to its partners.

source: Computer World via SlashGear


6 Comments

1. chocowii

Posts: 478; Member since: Jan 30, 2014

I smell a Nexus update coming!

2. Anshulonweb

Posts: 468; Member since: Feb 07, 2014

well the only flaw of open source software is security.....

3. NexusKoolaid

Posts: 493; Member since: Oct 24, 2011

Closed-source software offers obscurity, not security. Would you rather use a closed-source OS where you can only HOPE that security holes are being discovered and patched?

4. boosook

Posts: 1442; Member since: Nov 19, 2012

and the only advantage of closed source is the ILLUSION of security, just because you don't actually know which security issues are currently being exploited on your closed source software and currently being used by malicious apps.

5. jroc74

Posts: 6023; Member since: Dec 30, 2010

I didn't realize Windows desktop OS's were open source.... Can't keep saying that when Windows and Internet Explorer were some of the most attacked and hardest attacked targets for many, many years...

6. shuaibhere

Posts: 1986; Member since: Jul 07, 2012

There are many phishing e-mails which are aimed at iOS...so this is NO BIG deal...
