
Communications of the ACM

ACM TechNews

Android Flaw Might Also Affect iOS, Windows

Artist's representation of a malicious Android app.

A recently discovered vulnerability in the Android mobile operating system could allow malicious apps to carry out attacks on apps running on the same device.

Credit: appleinsider

Security researchers from the University of California, Riverside and the University of Michigan have discovered a vulnerability in the Android mobile operating system that could enable malicious apps to carry out man-in-the-middle (MITM) and other attacks on apps running on the same device.

The attack exploits the fact that despite app sandboxing efforts, most apps still rely on a window manager, a graphic interface framework that operates in shared memory space, to render their graphical interface elements.

During the recent USENIX security conference, the researchers demonstrated how a malicious app running in the background could monitor a window manager and correctly infer from activity there what a given app was doing, allowing the malicious app to execute MITM attacks such as launching a dummy login screen to capture credentials when a banking app is launched. Another possible scenario is a camera-peeking attack in which the malicious app watches for a banking app to use the camera to take a photo of a check for automatic deposit, and takes its own photo immediately afterward without the user's knowledge.

Because the attack works at such a fundamental level, the researchers suspect it also affects Windows and iOS devices.

From InformationWeek


Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA

