Number: IRCNE2014082298
Date: 2014-08-24
According to ZDNet, new research shows that the majority of Android's most popular apps are susceptible to SSL vulnerabilities.
Google's Android operating system is an open-source, free framework which appeals to developers due to this unrestrictive nature. However, with such an open and free system, there is always the potential for abuse, a lack of patching and security consistency, and a wealth of Android-based operating systems and apps which may contain different vulnerabilities that can be exploited.
After analyzing the 1,000 most-downloaded free Android applications in the Google Play store, the FireEye Mobile Security Team found that a significant portion of them are susceptible to Man-In-The-Middle (MITM) attacks. According to a blog post published Thursday, the researchers found that as of July 17, 2014, 674 out of 1,000 contained at least one of three SSL vulnerabilities studied.
In other words, 68 percent of the most popular apps could become a pathway for cybercriminals to lift sensitive data.
The security team says that many of these vulnerabilities were traced back to configurations within advertising libraries used by app developers.
While the HTTPS protocol is often used to make it harder to intercept data, the incorrect use of the Android platform’s SSL libraries can become the weak link which allows MITM attacks.
The FireEye team notified the developers of the vulnerable apps it discovered; the developers acknowledged the reports and promised to address the vulnerabilities in subsequent versions of their applications.