Linux.com

Home News Embedded / Mobile Mobile Linux Android Crypto Blunder Exposes Users to Highly Privileged Malware

Android Crypto Blunder Exposes Users to Highly Privileged Malware

The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.

The high-impact vulnerability has existed in Android since the release of version 2.1 in early 2010, researchers from Bluebox Security said. They dubbed the bug Fake ID, because, like a fraudulent driver's license an underage person might use to sneak into a bar, it grants malicious apps special access to Android resources that are typically off-limits. Google developers have introduced changes that limit some of the damage that malicious apps can do in Android 4.4, but the underlying bug remains unpatched, even in the Android L preview.

Read more at Ars Technica.
 

Comments

Subscribe to Comments Feed

Upcoming Linux Foundation Courses

  1. LFD211 Introduction to Linux for Developers
    08 Dec » 09 Dec - Virtual
    Details
  2. LFS220 Linux System Administration
    08 Dec » 11 Dec - Virtual
    Details
  3. LFD331 Developing Linux Device Drivers
    15 Dec » 19 Dec - Virtual
    Details

View All Upcoming Courses

Become an Individual Member
Check out the Friday Funnies

Sign Up For the Linux.com Newsletter


Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board