Android hacking | Breaking Cybersecurity News | The Hacker News

A group of security researchers has successfully discovered a method to hack into six out of seven popular Smartphone apps, including Gmail across all the three platforms - Android , Windows, and iOS operating systems - with shockingly high success rate of up to 92 percent. Computer scientists the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a new weakness they believe to exist in Android, Windows, and iOS platforms that could allow possibly be used by hackers to obtain users' personal information using malicious apps. The team of researchers - Zhiyun Qian , of the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan - will present its paper, " Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks " ( PDF ), at the USENIX Security Symposium in San Diego on August 23. The paper detailed a new type of

Researchers have warned users of Android devices to avoid app downloads from particularly unauthorized sources, since a new and sophisticated piece of malware is targeting Android users through phishing emails . The malware, dubbed SandroRAT , is currently being used by cybercriminals to target Android users in Poland via a widely spread email spam campaign that delivers a new variant of an Android remote access tool (RAT). The emails masquerade itself as a bank alert that warns users of the malware infection in their mobile device and offers a fake mobile security solution in order to get rid of the malware infection. The mobile security solution poses as a Kaspersky Mobile Security , but in real, it is a version of SandroRAT, a remote access tool devised for Android devices, whose source code has been put on sale on underground Hack Forums since December last year. A mobile malware researcher at McAfee, Carlos Castillo, detailed the new variant of Android remot

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Many Smartphone applications support, installation or app data storage to an external SD Card, that can be helpful in saving space on the internal memory, but also vulnerable to hackers. Typically, an app that has permission to read and write data from an SD card has the permission to read all data on that card, including information written by other apps. This means that if you install a malicious application by mistake, it can easily steal any sensitive data from your Phone's SD Card. To prevent the data from being misused by any other app, the best implementation is to encrypt the data, but that will drop the performance of the device. On its 10th birthday, as a treat for mobile developers, Facebook has unveiled the source code of its Android security tool called ' Conceal ' cryptographic API Java library, that will allow app developers to encrypt data on disk in the most resource efficient way, with an easy-to-use programming interface. Smaller th

In September, Google added the remote Device locking Capability to its Android Device Manager , allowing users to lock their phone if it's stolen or lost. The mechanism allows user to override the existing device lock scheme and set password scheme for better security. But Recently, Curesec Research Team  from Germany has discovered an interesting vulnerability ( CVE-2013-6271 ) in   Android 4.3 that allows a rogue app to remove all existing device locks activated by a user. ' The bug exists on the "com.android.settings.ChooseLockGeneric class". This class is used to allow the user to modify the type of lock mechanism the device should have. ' CRT team says in a blog post Android OS has several device lock mechanisms like PIN, Password, Gesture and even faces recognition to lock and unlock a device. For modification in password settings, the device asks the user for confirmation of the previous lock. But if some malicious application is installed on the device, it coul

The most common approach to protect data during communication on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Thousands of applications in the Google Play market that are using these implementations. A group of researchers including Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith from Distributed Computing & Security Group - Leibniz University of Hannover, Hannover, Germany and Lars Baumgärtner, Bernd Freisleben from Department of Math. & Computer Science - Philipps University of Marburg, Marburg, Germany, have presented a paper that  most of these applications contain serious mistakes in the way that SSL/TLS is implemented, that leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Tests performed on 100 selected apps confirmed that 41 of them were vulnerable to known attacks.  The

Android's App store is currently facing a new dilemma as its security has been compromised once again. Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automatizes the updating of a batch of other apps. The malicious code was hidden within an app named, "Updates" by developer Good Byte Labs (Package name: com.updateszxt) and was designed to look like an update to the Lookout™ mobile security application. The malware detected as Trojan!FakeLookout.A  is capable of stealing SMS and MMS messages and upload them to a remote server via FTP. This virus has the potential to steal all personal business sensitive data from the users' device. Though there are no reports of being infected by the users, it is believed that the infected users are not aware of it yet. " New approach being attempted by malware makers, " TrustGo said the site in question " contains a Trojan file that targets multiple platfo

A French hacker has been arrested for spreading a virus through fake smartphone applications. Prosecutors say he stole tiny sums from 17,000 people, amassing about 500,000 euros (£405,000) since 2011. Working from the basement of his parents' home in Amiens, France, he created malicious software that looked like normal smartphone apps, but these programs stole money through hidden transactions. He also used programs that sent him the usernames and passwords for gambling and gaming websites. The man admitted his crimes to police after he was arrested in the northern French city of Amiens. He told officials that he was motivated by a strong interest in computers and the desire to be a software developer.

Users should be aware that Cyber criminals are finding new ways to install malicious software on devices. The latest threat to Android phone users, according to the FBI , is a "work-at-home opportunity that promises a profitable payday just for sending out email." The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher .  Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number . FinFisher is a spyware capable of taking over the components of a mobile device. When in