Close Menu
Technotification
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram
    Technotification
    • Home
    • News
    • How To
    • Explained
    • Facts
    • Lists
    • Programming
    • Security
    • Gaming
    Technotification
    Home › Security › Warning! While installing any android update,your device could be hacked

    Warning! While installing any android update,your device could be hacked

    By Vikram Singh RaoMarch 25, 2014
    Facebook Twitter Reddit LinkedIn
    Android is leading the way in both smartphones and tablets with nearly 79% of market share in smartphones and 62% in tablets. It is evolving fast and updates are quit frequent. However, these updates can put billions of Android users vulnerable to potential threat of a malware attack according to a recent research conducted jointly by Indiana University and Microsoft Research which will be presented atthe IEEE Security and Privacy symposium in May and is titled as: “Upgrading Your Android, Elevating My Malware: Privilege Escalation through Mobile OS Updating”.

    The researchers penned down the attack’s nature in following words:
    “As examples, on various versions of Android, an upgrade allows the unprivileged malware to get the permissions for accessing voicemails, user credentials, call logs, notifications of other apps, sending SMS, starting any activity regardless of permission protection or export state, etc.; the malware can also gain complete control of new signature and system permissions, lowering their protection levels to “normal” and arbitrarily changing their descriptions that the user needs to read when deciding on whether to grant them to an app; it can even replace the official Google Calendar app with a malicious one to get the phone user’s events, drop Javascript code in the data directory to be used by the new Android browser so as to steal the user’s sensitive data, or prevent her from installing critical system apps such as Google Play Services.”

    The interesting thing is that the attacks are not aimed at the current version of Android, which is normally the case, rather the target is updated future version when malware gains the rights to the information without the consent of the user during the up gradation process.  These are “called Pileup flaws, through which a maliciousapp can strategically declare a set of privileges and attributes ona low-version operating system (OS) and wait until it is upgradedto escalate its privileges on the new system.”
    The researchers were able to affirm that the issues exist in all “AOSP (Android Open Source Project) versions and 3,522 source code versions customized by Samsung, LG and HTC across the world.” Probing further, they looked into a measurement study on over 3,549 factory images from Google and Samsung and discovered an enormous amounts of “attack opportunities across different Android versions, countries, carriers and vendors.”
    Google responded by rolling out patch to vendors for one of the six flaws identified. It’s up to the vendors now to push it to your device as soon as possible. In the same way, Google still needs to find a solution for the remaining five flaws and it needs to do it quickly before a seemingly innocent app can wrack havoc across the Android world.
    The researchers developed a free security update scanner app with the name “SecUp” which can be run before any Android update to identify malicious apps that can use Pileup flaws. They have also updated videos to show how these Pileup flaws can be exploited by malicious apps. These videos are available at following Youtube links.

    Pileup attack – hacking Google account:
    https://www.youtube.com/watch?feature=player_embedded&v=4i0QaRGUJ-A

    Pileup Attack- Phishing on bank sites:
    https://www.youtube.com/watch?feature=player_embedded&v=MniYQb_N4YI

    Pileup Attack – Hacking Google Voice Messages:
    https://www.youtube.com/watch?feature=player_embedded&v=FyIujYPO3nw


    Share. Facebook Twitter LinkedIn Tumblr Reddit Telegram WhatsApp
    Vikram Singh Rao
    • Website
    • Facebook
    • X (Twitter)
    • LinkedIn

    I am an entrepreneur at heart who has made his hobby turned a passion, his profession now.

    Related Posts

    The Psychology of a Phishing Email: How Scammers Play with Your Mind

    July 16, 2024

    9 Essential Elements of a Strong Cyber Security Management System

    July 3, 2024

    Common Cyber Attacks and How to Prevent Them

    July 3, 2024

    How Cyber Security Paid Training Prepares You for Real-World Threats

    June 13, 2024

    The Role of Security in Server Colocation Environments

    March 12, 2024

    Navigating the Waters: Best Practices for Phishing Testing in 2024

    February 19, 2024
    Lists You May Like

    10 Sites to Watch Free Korean Drama [2025 Edition]

    January 2, 2025

    10 Best RARBG Alternative Sites in April 2025 [Working Links]

    April 1, 2025

    The Pirate Bay Proxy List in 2025 [Updated List]

    January 2, 2025

    10 Best Torrent Search Engine Sites (2025 Edition)

    February 12, 2025

    10 Best GTA V Roleplay Servers in 2025 (Updated List)

    January 6, 2025

    5 Best Torrent Sites for Software in 2025

    January 2, 2025

    1337x Alternatives, Proxies, and Mirror Sites in 2025

    January 2, 2025

    10 Best Torrent Sites for eBooks in 2025 [Working]

    January 2, 2025

    10 Best Anime Torrent Sites in 2025 [Working Sites]

    January 6, 2025

    Top Free Photo Editing Software For PC in 2025

    January 2, 2025
    Pages
    • About
    • Contact
    • Privacy
    • Careers
    Privacy

    Information such as the type of browser being used, its operating system, and your IP address is gathered in order to enhance your online experience.

    © 2013 - 2025 Technotification | All rights reserved.

    Type above and press Enter to search. Press Esc to cancel.