Wednesday, March 04, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Google Says Android Lollipop Does Not Encrypt Data Due To Performance Issues
Apple To Release Fix For Freak Security Bug
Mozilla Brings Native Games to the Web
AMD Enters The Virtual Reality market With Liquid VR
SanDisk Creates New Storage Category With InfiniFlash All-Flash Storage System
HyperX Releases FURY And High-capacity Predator DDR4 Kits
ARM Announces Enlighten 3 Engine
Samsung Lost Top Position to Apple in Q4's Global Smartphone Market
Active Discussions
Need serious help!!!!
burning
nvidia 6200 review
Hello
Burning Multimedia in track 0
I'm lazy. Please help.
sanyo e6 camera
need help on some cd burning...
 Home > News > Mobiles > Fraunho...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, December 16, 2013
Fraunhofer Reports Massive Security Issues with Apps


Many popular Android apps pose significant security threats, according to researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany (Fraunhofer SIT).

The researchers conlcuded that by exploiting weaknesses in the way the Secure Sockets Layer (SSL) protocol is used, attackers can steal sensitive access data, e.g., user names and passwords. Fraunhofer SIT informed over 30 affected app manufacturers and so far, 16 closed the security gap. Among those were Amazon, Yahoo, Google, and Volkswagen Bank.

The user's security risk depends on the specific app: With some apps only personal photos might be at risk; with banking apps, access data might be used for unauthorized money transfers. An especially grave risk may occur if apps use the single-sign on services of Google or Microsoft. In these cases access data is used for a variety of services, like email and cloud storage.

MIT's researchers say that the vulnerability is introduced by an incorrect use of SSL. SSL cryptographically protects the connection between apps and servers. This protection relies on so-called public-key certificates. When receiving a certificate, apps are supposed to verify that it actually belongs to the server they want to communicate with. The researchers found that in the listed apps, this verification is not done correctly.

"From a technical perspective, this is a small mistake. But it can have a huge impact on security," says Dr. Jens Heider from Fraunhofer SIT. For example, an attacker just needs to manipulate the communication that takes place while the victim is surfing via an unprotected WLAN, e.g., at an airport or in a restaurant. It is in these situations that the SSL encryption is supposed to ensure secure communication.

"In principle, the vulnerability is extremely easy to fix," says Heider. He and his team already informed the manufacturers several weeks ago and asked for the weakness to be remedied. The team has rechecked every new update. "Users need to make sure they always update their apps to the newest version," recommends Heider.

Fraunhofer SIT tested a total of 2,000 Android apps.




Previous
Next
New AMD Radeon R7 260 GPU Shipping Mid-January        All News        Intel To Buy Wireless Infrastructure Division of Mindspeed
Samsung Releases Smartphone GamePad Controller For Android Smartphones     Mobiles News      Appeals Court Rejects Google's Motorola Bid to Overturn Microsoft Victory

Get RSS feed Easy Print E-Mail this Message

Related News
Fraunhofer To Showcase The Future Of TV at IBC
Fraunhofer IIS to Present MPEG-H Audio at CES
Fraunhofer Makes CD-like Voice Available for VoIP Apps
Fujitsu and Fraunhofer To Partner on Nanometre Technology
Fraunhofer Researchers Create The World's Thinnest Video Projector
Technology Transmits 3-D movies via Internet and Satellite
Fraunhofer Showcases Autostereoscopic 3D Displays at CeBIT 2010
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android
Fraunhofer Demonstrates First CD-Quality Mobile Phone Calls
Fraunhofer IIS Introduces MP3 Surround Sound for Internet Radios
Fraunhofer IIS Licenses MPEG-4 Audio Codec to NXP Semiconductors
MP3 Gets Surround Sound

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .