Tuesday, October 21, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Google Play Music App To Follow Your Mood
Login To Google Using A USB Security Key
Toshiba Debuts New 2-in-1 Convertible PC with a 360-Degree Design
Acer Leads The Growing Chromebook Market
China Denies Apple's iCloud Hack Allegations
Samsung Galaxy KNOX Devices Approved for U.S. Government Classified Use
iPhone 6 Demand Help ARM's Growth
SK Hynix Develops High Density 16GB NVDIMM
Active Discussions
Copied dvd's say blank in computer only
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
 Home > News > Mobiles > Fraunho...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, December 16, 2013
Fraunhofer Reports Massive Security Issues with Apps


Many popular Android apps pose significant security threats, according to researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany (Fraunhofer SIT).

The researchers conlcuded that by exploiting weaknesses in the way the Secure Sockets Layer (SSL) protocol is used, attackers can steal sensitive access data, e.g., user names and passwords. Fraunhofer SIT informed over 30 affected app manufacturers and so far, 16 closed the security gap. Among those were Amazon, Yahoo, Google, and Volkswagen Bank.

The user's security risk depends on the specific app: With some apps only personal photos might be at risk; with banking apps, access data might be used for unauthorized money transfers. An especially grave risk may occur if apps use the single-sign on services of Google or Microsoft. In these cases access data is used for a variety of services, like email and cloud storage.

MIT's researchers say that the vulnerability is introduced by an incorrect use of SSL. SSL cryptographically protects the connection between apps and servers. This protection relies on so-called public-key certificates. When receiving a certificate, apps are supposed to verify that it actually belongs to the server they want to communicate with. The researchers found that in the listed apps, this verification is not done correctly.

"From a technical perspective, this is a small mistake. But it can have a huge impact on security," says Dr. Jens Heider from Fraunhofer SIT. For example, an attacker just needs to manipulate the communication that takes place while the victim is surfing via an unprotected WLAN, e.g., at an airport or in a restaurant. It is in these situations that the SSL encryption is supposed to ensure secure communication.

"In principle, the vulnerability is extremely easy to fix," says Heider. He and his team already informed the manufacturers several weeks ago and asked for the weakness to be remedied. The team has rechecked every new update. "Users need to make sure they always update their apps to the newest version," recommends Heider.

Fraunhofer SIT tested a total of 2,000 Android apps.




Previous
Next
New AMD Radeon R7 260 GPU Shipping Mid-January        All News        Intel To Buy Wireless Infrastructure Division of Mindspeed
Samsung Releases Smartphone GamePad Controller For Android Smartphones     Mobiles News      Appeals Court Rejects Google's Motorola Bid to Overturn Microsoft Victory

Get RSS feed Easy Print E-Mail this Message

Related News
Fraunhofer To Showcase The Future Of TV at IBC
Fraunhofer IIS to Present MPEG-H Audio at CES
Fraunhofer Makes CD-like Voice Available for VoIP Apps
Fujitsu and Fraunhofer To Partner on Nanometre Technology
Fraunhofer Researchers Create The World's Thinnest Video Projector
Technology Transmits 3-D movies via Internet and Satellite
Fraunhofer Showcases Autostereoscopic 3D Displays at CeBIT 2010
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android
Fraunhofer Demonstrates First CD-Quality Mobile Phone Calls
Fraunhofer IIS Introduces MP3 Surround Sound for Internet Radios
Fraunhofer IIS Licenses MPEG-4 Audio Codec to NXP Semiconductors
MP3 Gets Surround Sound

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .