Verifique seu telefone: Pesquisadores descoberta escondida remendo Gap no Android

Os pesquisadores Karsten Nohl e Jakob Lell da empresa de segurança de Segurança Research Labs descobriram uma lacuna remendo escondido em dispositivos Android. Os dois realizaram uma análise de dois anos 1,200 telefones Android, and just presented their results during the Hack in the Box conference in Amsterdam.

Story relacionado: SonicSpy Spyware Android gera mais 1000 Apps

Android’s Hidden Patch Gap Explained

Android has had its difficulties with patching in the past, com apenas 17% of devices operating on a recent patch level in 2016, Os pesquisadores apontou. Even though things have improved since then with vendors improving their patch frequency, it still turns out that Android is not as fully secured as it should be.

Mais especificamente, the freshly-released large study of Android phones reveals that most Android vendors regularly forget to include some patches, leaving parts of the ecosystem exposed to various threats.

Modern operating systems include several security barriers, for example ASLR and sandboxing, all of which typically need to be breached to remotely hack a phone. Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device. Em vez de, multiple bugs need to be chained together for a successful hack.

The problem is that malicious actors are aware of the challenges in hacking Android phones. portanto, the focus is on social engineering tricks where users are lured into installing malicious applications. We have seen plenty of infections stemming from infected apps downloaded from third-party stores and sometimes even from Google Play.

Story relacionado: Malicioso QR Android Leitor Apps baixado mais de 500 mil vezes

Once installed on a device, the app grants excessive permissions and hackers can do whatever they are seeking to do. Em outras palavras, in order to get access to Android phones hackers don’t need to carry out complex hacking activities. They just need to trick the user into installing a bad app. Claro, state-sponsored attackers can operate in a stealthiy manner and often employ zero-day flaws in their attacks.

Be aware of your Android patch level, the researchers’ advice is

Patching is critically important to uphold the effectiveness of the different security layers already found in Android. Now that monthly patches are an accepted baseline for many phones, it’s time to ask for each monthly update to cover all relevant patches.

Users can verify their vendors’ patching claims regarding their devices by measuring the patch level of their Android phones by using a free app called SnoopSnitch. SnoopSnitch is designed to analyze the user’s phone’s firmware, and provides a detailed report with the patch-status of vulnerabilities (CVEs) on a monthly basis.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar