  1. #1
    Editor in Chief
    Supporting Member
    Join Date: Apr 2011

    Potential Design Flaw in Android Could Allow Malware to Mimic Legitimate Apps

    Some researchers recently demonstrated what may be a design flaw in Android that would allow malware to mimic legitimate apps. Sean Schulte, SSL developer at Trustwave, and Nicholas Percoco, the senior vice president and head of SpiderLabs at Trustwave, revealed at the DefCon hacking convention what they believe is a design flaw in Android. They indicated that the design flaw could be used by advertisers to bring annoying pop-up ads to phones, or even by criminals to steal data via phishing.

    Basically, the exploitable flaw centers around the fact that Android allows a developer to override the standard for hitting the back buttons. Because of this, an app can be created that is able to steal the focus and keep you from being able to hit the back button to exit out. This is similar to some malware attacks on Windows-based computers. They are calling it the "Focus Stealing Vulnerability", and they were able to demonstrate an app they created that did exactly what they described. Here's a quote from the CNET article with more details:

    "The researchers have created a proof-of-concept tool that is a game but also triggers fake displays for Facebook, Amazon, Google Voice, and the Google e-mail client. The tool installs itself as part of a payload inside a legitimate app and registers as a service so it comes back up after the phone reboots, Percoco said.

    "In a demo showing a user opening up the app and seeing the log-in screen for Facebook, the only indication that something odd has happened is a screen blip so quick many users wouldn't notice. The fake screen completely replaces the legitimate one, so a user wouldn't be able to tell that anything is out of place.

    "With this design flaw, game or app developers can create targeted pop-up ads, Percoco said. The ads could be merely annoying, like most pop-ups are, but they could also be targeted to pop up an ad when a competitor's app is being used, he added."

    The worst part about this potential vulnerability is that it could do more than just create a replacement pop-up ad; it could also detect when you are using a banking or email app, and create a legitimate-looking overlay "phishing" for your credentials. Afterwards, the user would never even realize what happened. Supposedly,

    "The malware could even install itself as a service and run seamlessly in the background even after the phone is rebooted."

    Google is looking into the issue, and for now, no malware infections for this exploit have been reported. In the meantime, the best thing you can do is to always be cautious about where you get your apps, and don't download anything that looks even remotely suspicious.

    Source: via PhoneArena and CNET

  2. #2
    *Rescue Squad*
    Supporting Member
    Join Date: May 2011
    TF Book T100TA

    One of the first things any of us in the software industry learns is: for every lock...there's a key.

    Software security on any platform is a moving target, and is never guaranteed.

  3. #3
    Supporting Member
    Join Date: Jun 2011

    Except for a Mac. There is no way for a Mac to get a virus!

    (BTW, I am just kidding, I know that they can get them and that since Snow Leopard, virus protection is built in.)

    Asus Transformer 16 GB & Dock - Munching on Jelly Beans
    crApple iP*one 5 - Stock

    Just once I want someone to call me Sir without adding you're making a scene.
    - Homer Jay Simpson


