Mobile security experts say they've devised multiple ways to bypass the cloud-based service Google uses to keep its online market free of malicious Android apps.
By exploiting the weaknesses in Google's Bouncer service, researchers Jon Oberheide and Charlie Miller say it's possible to sneak malicious apps into Google Play. In a video demonstration, they show how one of their techniques gives them a remote connection to an emulated Android device hosted by Bouncer. By feeding it commands to display files and reveal system attributes, the researchers were able to divulge information about the way the system works.
"So this is just one technique to fingerprint the Bouncer environment, allowing a malicious app to appear benign when run within Bouncer, and yet still perform malicious activities when run on a real user's device," Oberheide said in the video. It was released on Monday, ahead of a presentation he and Miller are scheduled to give later this week at the SummerCon conference in New York City.
Read more | Comments
No comments:
Post a Comment