Security has always been a huge concern for Android users. From seemingly insignificant security flaws to massive outbreaks that make international headlines,
it’s never a bad idea to be cautious when downloading a new app or
browsing the web. Unfortunately, sometimes even being careful isn’t
enough. In a recent analysis, the FireEye Mobile Security Team discovered that 68% of the top 1,000 free apps on Google Play are vulnerable to man-in-the-middle attacks.
According to OWASP,
a man-in-the-middle (MITM) attack is when an attacker intercepts a
communication between two systems and then splits the connection in two,
injecting new data in between.
The 1,000 free apps were just a sample of the roughly 10,000 applications FireEye checked during the analysis. The results are just as unsettling at that larger scale:
“Roughly 4,000 (40%) [apps] use trust managers that do not check
server certificates, exposing any data they exchange with their servers
to potential theft,” writes the security team. “Furthermore, around 750
(7%) applications use hostname verifiers that do not check hostnames,
implying that they are incapable of detecting redirection attacks where
the attacker redirects the server request to a malicious webserver
controlled by the attacker. Finally, 1,300 (13%) do not check SSL errors
when they use Webkit.”
It’s up to developers to ensure their apps are protected from common
vulnerabilities that could potentially lead to stolen data and
information. Until then, think twice before downloading the latest free
app.
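The three weaknesses FireEye lists can be looked for in an app's own Java source before it ships. The scanner below is an added example, not FireEye's tooling or code from the article; the sample source, the rule set and the function names are constructed for illustration, and the checks are regex heuristics rather than a full Java parser.

```python
import re

# Constructed sample (not from a real app): three weak handlers and one sound one.
SAMPLE = """X509TrustManager tm = new X509TrustManager() {
  public void checkServerTrusted(X509Certificate[] c, String a) { /* accept all */ }
};
HostnameVerifier any = new HostnameVerifier() {
  public boolean verify(String host, SSLSession s) { return true; }
};
HostnameVerifier strict = new HostnameVerifier() {
  public boolean verify(String host, SSLSession s) {
    return HttpsURLConnection.getDefaultHostnameVerifier().verify(host, s);
  }
};
WebViewClient wc = new WebViewClient() {
  public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) { h.proceed(); }
};"""

SIG = r"\s*\([^)]*\)[^{;]*\{"  # parameter list, optional throws clause, opening brace
RULES = {  # method name -> (finding, test applied to the comment-stripped body)
    "checkServerTrusted": ("trust manager does not check server certificates",
        lambda b: "throw" not in b and "checkServerTrusted" not in b),
    "verify": ("hostname verifier does not check hostnames",
        lambda b: re.fullmatch(r"\s*return\s+true\s*;\s*", b) is not None),
    "onReceivedSslError": ("WebView proceeds past SSL errors",
        lambda b: ".proceed(" in b and ".cancel(" not in b),
}

def body_at(src, open_idx):  # text between the '{' at open_idx and its matching '}'
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[open_idx + 1:i]
    return src[open_idx + 1:]

def scan(java_source):
    """Return sorted (line, finding) pairs for handlers that skip their check."""
    # Blank out comments but keep their newlines so reported lines stay correct.
    src = re.sub(r"//[^\n]*|/\*.*?\*/", lambda m: "\n" * m.group().count("\n"),
                 java_source, flags=re.S)
    hits = []
    for name, (finding, is_weak) in RULES.items():
        for m in re.finditer(r"\b(?:void|boolean)\s+" + name + SIG, src):
            if is_weak(body_at(src, m.end() - 1)):
                hits.append((src.count("\n", 0, m.start()) + 1, finding))
    return sorted(hits)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A trust manager that delegates to another `checkServerTrusted` or throws, a verifier that calls the platform default, and an error handler that calls `cancel()` are all left unflagged.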