- Jan 8, 2011
- 22,361
Android Multi-tasking Flaw:
Google Response:
We're told the vulnerability can be exploited to show a spoofed user interface, controlled by an attacker, when someone starts an app: the owner will not be aware that they are typing into another program masquerading as a legit application.
"The enabled attacks can affect all latest Android versions and all apps (including the most privileged system apps) installed on the system," warned Chuangang Ren, a security researcher from Penn State University.
A paper on the vulnerability [PDF]
"The enabled attacks can affect all latest Android versions and all apps (including the most privileged system apps) installed on the system," warned Chuangang Ren, a security researcher from Penn State University.
A paper on the vulnerability [PDF]
Google Response:
A Google spokeswoman reckons the researchers have overstated the threat, and have failed to factor in protection mechanisms in place in Android. "We appreciate this theoretical research as it makes Android's security stronger," she said.
"Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features."
"Android users are protected from attempts at phishing or hijacking like this (including manipulation of the user interface) with Verify Apps and Safety Net security features."