|26 Mar 2014||#1|
Malicious apps can hose Android phones, erase data, researchers warn
Security researchers said they have uncovered bugs in Google's Android operating system that could allow malicious apps to send vulnerable devices into a spiral of endlessly looping crashes and possibly delete all data stored on them.
Apps that exploit the denial-of-service vulnerability work on Android versions 2.3, 4.2.2, 4.3, and possibly many other releases of the operating system, researcher Ibrahim Balic wrote in a blog post published last week. Attackers could exploit the underlying memory corruption bug by hiding attack code in an otherwise useful or legitimate app that is programmed to be triggered only after it is installed on a vulnerable handset. By filling the Android "appname" field with an extremely long value exceeding 387,000 characters, the app can cause the device to go into an endless series of crashes.
"We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets, which include 'bricking' a device or rendering it unusable in any way," Veo Zhang, a mobile threats analyst at Trend Micro, wrote in a blog post published Sunday. "In this context, the device is 'bricked' as it is trapped in an endless reboot loop."
|My System Specs|
|Similar help and support threads for2: Malicious apps can hose Android phones, erase data, researchers warn|
|Microsoft brings Office 365 data to Android apps||News|
|Calling android phones from PC?||General Discussion|
|Cnet Reports Google confirms it pulled malicious Android apps||Chillout Room|
|Free Android apps scrape personal data, send it to China||System Security|
© Designer Media Ltd
All times are GMT -5. The time now is 06:35 AM.