Thursday, November 26, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
German ISPs May Block Music-sharing Sites: court
Study Says HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide
SK Hynix Rejects Chinese Take-over Offer
New Huawei Mate 8 Smartphone Launched With Kirin 950 Inside
Samsung's New DDR4 with TSV Gives a Boost To Data Centers and Servers
New Raspberry Pi Zero Is A $5 Tiny Computer
Panasonic's CX Ultra HD Smart TVs Bring 4K Closer To Home
New LG Ray Smartphone Focuses On Photo Shooting
Active Discussions
roxio issues with xp pro
How to back up a PS2 DL game
Copy a protected DVD?
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > Mobiles > Fraunho...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, December 16, 2013
Fraunhofer Reports Massive Security Issues with Apps

Many popular Android apps pose significant security threats, according to researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany (Fraunhofer SIT).

The researchers conlcuded that by exploiting weaknesses in the way the Secure Sockets Layer (SSL) protocol is used, attackers can steal sensitive access data, e.g., user names and passwords. Fraunhofer SIT informed over 30 affected app manufacturers and so far, 16 closed the security gap. Among those were Amazon, Yahoo, Google, and Volkswagen Bank.

The user's security risk depends on the specific app: With some apps only personal photos might be at risk; with banking apps, access data might be used for unauthorized money transfers. An especially grave risk may occur if apps use the single-sign on services of Google or Microsoft. In these cases access data is used for a variety of services, like email and cloud storage.

MIT's researchers say that the vulnerability is introduced by an incorrect use of SSL. SSL cryptographically protects the connection between apps and servers. This protection relies on so-called public-key certificates. When receiving a certificate, apps are supposed to verify that it actually belongs to the server they want to communicate with. The researchers found that in the listed apps, this verification is not done correctly.

"From a technical perspective, this is a small mistake. But it can have a huge impact on security," says Dr. Jens Heider from Fraunhofer SIT. For example, an attacker just needs to manipulate the communication that takes place while the victim is surfing via an unprotected WLAN, e.g., at an airport or in a restaurant. It is in these situations that the SSL encryption is supposed to ensure secure communication.

"In principle, the vulnerability is extremely easy to fix," says Heider. He and his team already informed the manufacturers several weeks ago and asked for the weakness to be remedied. The team has rechecked every new update. "Users need to make sure they always update their apps to the newest version," recommends Heider.

Fraunhofer SIT tested a total of 2,000 Android apps.

New AMD Radeon R7 260 GPU Shipping Mid-January        All News        Intel To Buy Wireless Infrastructure Division of Mindspeed
Samsung Releases Smartphone GamePad Controller For Android Smartphones     Mobiles News      Appeals Court Rejects Google's Motorola Bid to Overturn Microsoft Victory

Get RSS feed Easy Print E-Mail this Message

Related News
Fraunhofer To Showcase The Future Of TV at IBC
Fraunhofer IIS to Present MPEG-H Audio at CES
Fraunhofer Makes CD-like Voice Available for VoIP Apps
Fujitsu and Fraunhofer To Partner on Nanometre Technology
Fraunhofer Researchers Create The World's Thinnest Video Projector
Technology Transmits 3-D movies via Internet and Satellite
Fraunhofer Showcases Autostereoscopic 3D Displays at CeBIT 2010
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android
Fraunhofer Demonstrates First CD-Quality Mobile Phone Calls
Fraunhofer IIS Introduces MP3 Surround Sound for Internet Radios
Fraunhofer IIS Licenses MPEG-4 Audio Codec to NXP Semiconductors
MP3 Gets Surround Sound

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .