Friday, January 30, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
HDDs Shipments Increased In 2014
FCC To Fine AT&T For Unathorized Operation Of Wireless Stations
Google Reports Increased Profit
Facebook Introduces Place Tips in News Feed
AMD Cuts Prices Of Radeon Graphics Card To Cash On GTX 970 Memory Furor
HyperX Sets DDR4 Overclocking Record
Intel 5th Generation vPro Processors Released
Mobile Provider TracFone to Pay $40 Million to Settle FTC Charges
Active Discussions
Writing Audio files on DVDs ?
Need major help with Gigabeat
New match-3 puzzle game launch now!
Rimage 2000i
Sound card for my Laptop
hello
full screen wide screen
Hi
 Home > News > Mobiles > Fraunho...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, December 16, 2013
Fraunhofer Reports Massive Security Issues with Apps


Many popular Android apps pose significant security threats, according to researchers at the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany (Fraunhofer SIT).

The researchers conlcuded that by exploiting weaknesses in the way the Secure Sockets Layer (SSL) protocol is used, attackers can steal sensitive access data, e.g., user names and passwords. Fraunhofer SIT informed over 30 affected app manufacturers and so far, 16 closed the security gap. Among those were Amazon, Yahoo, Google, and Volkswagen Bank.

The user's security risk depends on the specific app: With some apps only personal photos might be at risk; with banking apps, access data might be used for unauthorized money transfers. An especially grave risk may occur if apps use the single-sign on services of Google or Microsoft. In these cases access data is used for a variety of services, like email and cloud storage.

MIT's researchers say that the vulnerability is introduced by an incorrect use of SSL. SSL cryptographically protects the connection between apps and servers. This protection relies on so-called public-key certificates. When receiving a certificate, apps are supposed to verify that it actually belongs to the server they want to communicate with. The researchers found that in the listed apps, this verification is not done correctly.

"From a technical perspective, this is a small mistake. But it can have a huge impact on security," says Dr. Jens Heider from Fraunhofer SIT. For example, an attacker just needs to manipulate the communication that takes place while the victim is surfing via an unprotected WLAN, e.g., at an airport or in a restaurant. It is in these situations that the SSL encryption is supposed to ensure secure communication.

"In principle, the vulnerability is extremely easy to fix," says Heider. He and his team already informed the manufacturers several weeks ago and asked for the weakness to be remedied. The team has rechecked every new update. "Users need to make sure they always update their apps to the newest version," recommends Heider.

Fraunhofer SIT tested a total of 2,000 Android apps.




Previous
Next
New AMD Radeon R7 260 GPU Shipping Mid-January        All News        Intel To Buy Wireless Infrastructure Division of Mindspeed
Samsung Releases Smartphone GamePad Controller For Android Smartphones     Mobiles News      Appeals Court Rejects Google's Motorola Bid to Overturn Microsoft Victory

Get RSS feed Easy Print E-Mail this Message

Related News
Fraunhofer To Showcase The Future Of TV at IBC
Fraunhofer IIS to Present MPEG-H Audio at CES
Fraunhofer Makes CD-like Voice Available for VoIP Apps
Fujitsu and Fraunhofer To Partner on Nanometre Technology
Fraunhofer Researchers Create The World's Thinnest Video Projector
Technology Transmits 3-D movies via Internet and Satellite
Fraunhofer Showcases Autostereoscopic 3D Displays at CeBIT 2010
Fraunhofer MPEG Audio Codecs and Mobile Surround Sound Available for Android
Fraunhofer Demonstrates First CD-Quality Mobile Phone Calls
Fraunhofer IIS Introduces MP3 Surround Sound for Internet Radios
Fraunhofer IIS Licenses MPEG-4 Audio Codec to NXP Semiconductors
MP3 Gets Surround Sound

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .