echo ''; Clamorworld » In everyday life every one of us comes across various experiences, incidents which we either don’t share with anyone or share with family members and friends. Print media, electronic media and various medium shows the news, but its ends up showing one sided of the story. We never come to know the other side of story. With so much happening every day, every second across our neighborhood, society, and world it’s difficult for the news media to cover all the news. Many times we have felt wish we could share our voice, opinion, thoughts with the world. Many a times we have felt the frustration, anger and helplessness for not being able to do anything about an incident. Have you ever felt, for a good cause, you need support, but don’t know how to garner the support and attention. So, now you have an option “www.Clamorworld.com“. This is a platform to share everything you want to. A website 100% runs by the people for the people. The world is waiting to listen to your voice, the voice which has kept you suppressed so far. If you do not want to share the incident, event personally, please send it to us at contact@clamorworld.com, and we will share it on your behalf and assure to keep your name confidential. Let’s make this world a peaceful and a happy place to live. » Massive security alert over Android ‘Fake ID’ bug as experts warn personal and financial details of millions of users have been at risk for four YEARS

Massive security alert over Android ‘Fake ID’ bug as experts warn personal and financial details of millions of users have been at risk for four YEARS

 
  • Malware can impersonate other apps in order to gain access to secure areas of your phone
  • Vulnerability dates back to the January 2010 release of Android 2.1
  • Malware could also gain access to Google Wallet to steal financial information
  • Google has issued patch for the bug

A new flaw in Google’s Android mobile operating system leaves the personal and financial details of users open to hackers, a mobile analytics firm has claimed.

Called Fake ID and discovered by security firm Bluebox Security, the malicious software, or malware, can impersonate other apps in order to gain access to secure areas of your phone and sensitive data that it holds, without the user becoming aware.

Experts say the flaw has been present since 2010.

Android is the operating system developed by technology giant Google.

In a blog post on the Bluebox website, chief technology officer Jeff Forristal, said: ‘The vulnerability allows malicious applications to impersonate specially recognised trusted applications without any user notification.

‘This is a widespread vulnerability dating back to the January 2010 release of Android 2.1.

Mr Forristal also suggested the malware could gain access to ‘financial and payment data by impersonating Google Wallet’, an app which utilises mobile payments, leaving thousands of user accounts at risk.

However, Google has moved to calm any fears by confirming they have been alerted to the problem and issued a fix to protect users.

‘We appreciate Bluebox responsibly reporting this vulnerability to us.

Third-party research is one of the ways Android is made stronger for users,’ said a Google spokesman. ‘After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to the Android Open Source Project.’

The technology giant also said that they had scanned their app store and found no apps that are currently exploiting the vulnerability.

Craig Young, security researcher at online firm Tripwire said that as long as users stick to official apps from the Google Play Store, they are unlikely to be in too much danger.

‘All is not lost for owners of unsupported devices as long as they stick to applications obtained from the Google Play store and do not enable apps from untrusted sources,’ he said.

‘Users without access to Google Play or who want an added layer of protection should install a mobile anti-virus product to detect this and other malicious apps.

This was a view echoed by Jonathan French from web security company AppRiver, who suggested that the bug might not have even been known to hackers.

‘Probably not many people will already be affected by the flaw.

Security flaws do go unnoticed by companies but that usually means they go unnoticed by hackers as well.

It’s very possible that this vulnerability was already being used in the wild but my guess would be even if it was, the impact would be pretty low.

‘It seems Google is aware of the flaw now and monitoring for any apps that attempt to use this vulnerability. ‘So if you get your apps from the Play Store, you should hopefully be ok.

A YEAR OF SECURITY SCARES

The news of this flaw is the latest in a wave of recent vulnerabilities that have been reported online.

The Heartbleed bug that affected the SSL certificate used to encrypt user information on the web was discovered earlier this year.

It led to a host of major websites having to issue patches to protect users, and UK parents’ forum Mumsnet announced they were hacked as a result of the flaw.

E-commerce giant eBay was another high profile victim of hacking earlier this year, when millions of user passwords and other data was compromised after a flaw was discovered in its security .

‘If you get apps from elsewhere, it should go without saying that you are potentially putting your device at great risk.

Bluebox has confirmed that it will be releasing it’s own app that will scan a device to check whether it is at risk to the vulnerability.

According to a 2013 survey, more than 60% of the world’s smartphone users have an Android device.

HOW IT WORKS

Called Fake ID, the malicious software, or malware, can impersonate other apps in order to gain access to secure areas of Android phones and tablets.

It can then extract sensitive data that it holds, without the user becoming aware.

The vulnerability dates back to the January 2010 release of Android 2.1

The malware could also gain access to Google Wallet, an app which utilises mobile payments, leaving thousands of user accounts at risk.

However, Google has moved to calm any fears by confirming they have been alerted to the problem and issued a fix to protect users. .

 

 

 

  •  

Leave a reply