Printed from http://www.electronista.com

Android vulnerability enables attacks over open Wi-Fi networks

updated 11:15 am EDT, Fri September 27, 2013

Some apps fail to properly employ SSL

Researchers have reportedly discovered a new Android vulnerability that potentially affects a large number of devices. The issue is said to be directly related to the WebView programming interface, used for web-based features within native apps. Some Android apps reportedly fail to properly secure data as it is transferred between the Internet and the app's WebView feature, leaving the device open to attack by someone else on the same Wi-Fi network.

"The lowest impact attack would be downloading contents of the SD card and the exploited application's data directory," research firm MWR InfoSecurity wrote in an advisory that was spotted by Ars Technica
The researchers suggest many Android apps are using older versions of SDKs for advertising networks, serving as a vulnerable route for man-in-the-middle attacks. Taking a close look at the top 100 apps in the Play Store, 62 were found to be "potentially" vulnerable to such attacks.

Despite the reports, Android's other security restrictions are said to serve as further protection against malicious code that is injected using the WebView vulnerability. Google also improved security with Android 4.2, providing more tools for developers to protect against such attacks.

Due to the software upgrade delays for most Android phones, an immediate resolution would require developers to update their apps with proper implementation of SSL encryption for WebView data.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

Moshi iVisor AG and XT for iPad Air 2

Have you ever tried to put in a screen protector that relies on static to cling to the screen? How many bubbles and wrinkles does it h ...

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

Thecus N2310 NAS

For every computer user, there comes a point of critical mass in data storage. When it hits, external hard drives, USB sticks and DVD ...

Advertisement

toggle

Most Commented