Zhendong Su and his students at the UC Davis computer science department have found serious security flaws in popular apps for Android smartphones.
Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to researchers at the University of California, Davis.
The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace.
The researchers focused initially on the Android platform, which has about a half-billion users worldwide.
Android is quite different from Apple's iOS platform, but there may well be similar problems with iPhone apps, Xu said.
The victim would first have to download a piece of malicious code onto their phone. This could be disguised as or hidden in a useful app, or attached to a "phishing" e-mail or Web link. The malicious code would then invade the vulnerable programs.
The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.
"It's a developer error," Xu said. "This code was intended to be private but they left it public."
The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.