Categories
Android mobile development mobile news

Androids Using Open Wi-Fi May Be Susceptible to Attacks

The issue is mainly with older Android versions having a vulnerability that would allow attacks over an open network. These weaknesses are the result of the widely used programming interface in a lot of apps known as WebView (allows webpages and content to be opened within apps themselves). A lot of apps don’t properly secure the interaction between the phone’s WebView component and the webpage content being downloaded. So, on the same open network, a device can be targeted and hijacked, in the process having malicious code injected and possibly executed by the phone itself. Apparently, devices with version 4.1 and earlier don’t make proper use of SSL; this can allow a hijacker to potentially gain root access to a devices OS. This vulnerability has far reaching effects and stems from Javascript-based programming interfaces. Now, fundamentally, Android’s overall design does help in making such things very difficult, but it cannot eradicate the possibilities for the common user who may not be aware of some of the system’s and apps’ functioning.

Users of 4.2 and later are better protected because of added security enhancements, but the issue at hand largely depends on app developers maintaining good practices when developing and releasing they’re products. Tim Wyatt, a security director at Lookout, has some input to give one the current situation and what needs to be done. Very interesting article.

 

 

Source: http://arstechnica.com/security/2013/09/attackers-can-slip-malicious-code-into-many-android-apps-via-open-wi-fi/

Leave a Reply