Vulnerabilities in Android smartphones allow steal money and passwords

Posted: September 17, 2012 in Vulnerability News
Tags: , ,

Android HackedExpert Research Center Positive Research Artem Chaykin discovered two critical vulnerabilities in Chrome browser for the platform Google Android. They may compromise the majority of the latest smartphones and tablets, as from Android 4.1 Jelly Bean, Chrome browser is the primary system.

Using the first of the found vulnerabilities, an attacker could gain access to all user data in the browser Google Chrome, including user history files, cookie, cache and so on

The second vulnerability allows execution of arbitrary JavaScript-code in the security context of any site. It is a universal attack of the “Cross-Site Scripting” (Universal XSS), having carried out that, cybercriminals could compromise, such as bank account for your Mobile Internet bank and make embezzlement.

Thanks to the professional work of vulnerabilities in the browser Google Chrome for Android have been eliminated in the shortest possible time. To eliminate errors in the browser security, users should download and install the new version of Chrome.

Cooperation of Positive Technologies (a division of which is the Research Center Positive Research) and Google has been going on for several years. In 2010, the names of several experts, Positive Technologies were introduced to the virtual “Hall of Fame” Google. In spring 2012 the expert Positive Technologies Dmitry Serebryannikov discovered a critical vulnerability in the website of the corporation for which he was awarded in the Vulnerability Reward Program.

“Our experts have extensive experience in identifying and addressing vulnerabilities in mobile applications – Internet customers, browsers, antivirus, email clients, – said Dmitry Yevteyev, head of security analysis Positive Technologies. – Moreover, in late July 2012, we launched a special service for the analysis of security critical applications on mobile platforms (Apple iOS, Google Android, Windows Phone, etc.). We believe the banks and payment systems require a higher level of security of mobile platforms, acting increasingly terminal for financial transactions. “

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s