It has been over a month since researchers reported two serious vulnerabilities in Android's security system, but there is still no information on when they will be fixed in the operating system created by Google, which is the world's most popular platform for smartphones.
The first vulnerability allows applications to be installed without the user's permission. This privilege escalation lets attackers secretly install malicious software, as demonstrated by a proof-of-concept exploit published by researcher Jon Oberheide. The application, which he submitted to the Android Market disguised as an add-on for Angry Birds, secretly installs three additional applications that, without warning the user, monitor the phone's contacts, location, and text messages so that the data can be transmitted to a remote server.
“The ecosystem of Android Market continues to be a favorable area for bugs,” Jon Oberheide wrote in an email. “There are a number of complex relationships between devices and Google Market servers, and they are made even more complex and dangerous by the Android Web Market.”
The second bug is in the Linux kernel and allows installed applications with limited privileges to gain full control over the device. The bug is in code that some manufacturers have used in the most popular phones, including the Nexus S. The vulnerability undermines the security mechanism that Google's developers created to contain the damage an application can cause to any phone.
Oberheide and his colleague Zach Lanier plan to say more about the vulnerabilities in November, during a two-day training course at the SOURCE conference in Barcelona. In the meantime, they have made a short video showing the exploit in action.