Huge new costly Android security flaw

Discussion in 'malware problems & news' started by hawki, Jul 8, 2014.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Dec 17, 2008
    DC Metro Area
    "According to a report from IDG News Service, a newly discovered Android vulnerability allows apps to make unauthorized phone calls or disrupt ongoing calls. By exploiting the security hole, malicious software would be able to place calls to premium-rate phone numbers, potentially resulting in hundreds of dollars worth of charges on the user’s account.

    “An attacker could, for instance, trick victims into installing a tampered application and then use it to call premium-rate numbers they own or even regular ones and listen to the discussions in the range of the phone’s microphone,” Bogdan Botezatu, an analyst at Bitdefender, told IDG. “The premium-rate approach looks more plausible, especially since Android does not screen premium-rate numbers for voice as it happens with text messages.”

    Researchers from security firm Curesec reportedly discovered the flaw, and they say Google has been informed. They also report that the flaw has been fixed in Android 4.4.4 KitKat, but it is still present in Android 4.1.x, 4.2.x and 4.3.x, as well as in Android 4.4.1, 4.4.2 and 4.4.3.

    According to Google’s publicly available Android version distribution data, nearly 70% of Android devices currently in use could be affected by the flaw. TheBoyGeniusReport (BGR | Boy Genius Report)
Thread Status:
Not open for further replies.