According to the findings of new computer security research carried out by German researchers, nearly 8 percent of Android apps are "vulnerable" to attacks because of weak SSL implementations, and are apparently leaking users' personal details, including their bank account information and webcam access.
Going by the study's results shared by researchers at the Leibniz University of Hannover and the Philipps University of Marburg, tests of 13,500 free and popular Android apps - available from the Google Play Store - showed that the coding used by as many as 1074 apps, or 8 percent of the apps, was either incorrect or inadequate, thereby increasing their vulnerability to attacks.
The researchers elaborated that the 8 percent of "vulnerable" Android apps chiefly contained SSL/TLS code that can potentially increase their risk from what is called a Man-in-the-Middle (MITM) attack.
Highlighting the findings of their research in a paper titled "Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security," the researchers said that since SSL/TLS are cryptographic protocols used for securing online communications, the implementation mechanism of these protocols as well as their dependence on a trusted third-party Certificate Authority make many apps susceptible to attacks.
Affirming the findings of the German researchers, security firm Sophos' Paul Ducklin said that a badly written app seemingly has a rather low "barrier of entry"; and added: "You can occasionally stumble across stuff which really shouldn't be in the Play Store."