Wednesday, April 23, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Facebook Enjoys High First-quarter Revenue
Qualcomm Reports Less Than Expected 2Q Revenue
iPhone Sales Drive Apple's Record March Quarter Revenue
Travelling Through Time On Updated Google Maps
OnePlus One To Launch Next Month
LG Display Reports First Quarter Results
Toshiba Announces Canvio AeroMobile Wireless SSD
Global Chip Revenue Rises in 2013
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > Mobiles > Fraunho...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, December 16, 2013
Fraunhofer Reports Massive Security Issues with Apps


Many popular Android apps pose significant security threats, according to researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany (Fraunhofer SIT).

The researchers conlcuded that by exploiting weaknesses in the way the Secure Sockets Layer (SSL) protocol is used, attackers can steal sensitive access data, e.g., user names and passwords. Fraunhofer SIT informed over 30 affected app manufacturers and so far, 16 closed the security gap. Among those were Amazon, Yahoo, Google, and Volkswagen Bank.

The user's security risk depends on the specific app: With some apps only personal photos might be at risk; with banking apps, access data might be used for unauthorized money transfers. An especially grave risk may occur if apps use the single-sign on services of Google or Microsoft. In these cases access data is used for a variety of services, like email and cloud storage.

MIT's researchers say that the vulnerability is introduced by an incorrect use of SSL. SSL cryptographically protects the connection between apps and servers. This protection relies on so-called public-key certificates. When receiving a certificate, apps are supposed to verify that it actually belongs to the server they want to communicate with. The researchers found that in the listed apps, this verification is not done correctly.

"From a technical perspective, this is a small mistake. But it can have a huge impact on security," says Dr. Jens Heider from Fraunhofer SIT. For example, an attacker just needs to manipulate the communication that takes place while the victim is surfing via an unprotected WLAN, e.g., at an airport or in a restaurant. It is in these situations that the SSL encryption is supposed to ensure secure communication.

"In principle, the vulnerability is extremely easy to fix," says Heider. He and his team already informed the manufacturers several weeks ago and asked for the weakness to be remedied. The team has rechecked every new update. "Users need to make sure they always update their apps to the newest version," recommends Heider.

Fraunhofer SIT tested a total of 2,000 Android apps.




Previous
Next
New AMD Radeon R7 260 GPU Shipping Mid-January        All News        Intel To Buy Wireless Infrastructure Division of Mindspeed
Samsung Releases Smartphone GamePad Controller For Android Smartphones     Mobiles News      Appeals Court Rejects Google's Motorola Bid to Overturn Microsoft Victory

Get RSS feed Easy Print E-Mail this Message

Related News
Fraunhofer IIS to Present MPEG-H Audio at CES
Fraunhofer Makes CD-like Voice Available for VoIP Apps
Fujitsu and Fraunhofer To Partner on Nanometre Technology
Fraunhofer Researchers Create The World's Thinnest Video Projector
Technology Transmits 3-D movies via Internet and Satellite
Fraunhofer Showcases Autostereoscopic 3D Displays at CeBIT 2010
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android
Fraunhofer Demonstrates First CD-Quality Mobile Phone Calls
Fraunhofer IIS Introduces MP3 Surround Sound for Internet Radios
Fraunhofer IIS Licenses MPEG-4 Audio Codec to NXP Semiconductors
MP3 Gets Surround Sound
Fraunhofer Institute to Leverage Processor Core for Handheld Multimedia Applications

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .