Android Camera App Bug Lets Apps Record Video Without Permission
A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions. […]
Games and Utility Apps in Play Store Hide Bankers and Spyware
Despite Google’s efforts to keep its Android store risk free, malicious apps continue to make it past the verification process. In September, the assortment of trojans detected in Google Play included downloaders, bankers, adware, and spyware. […]
Chinese Mobile Antivirus App Caught Siphoning User Data
Google removed — and then reinstated — one of the most popular mobile antivirus apps on the Play Store after security firm Check Point discovered that the app was secretly collecting device data from users’ smartphones. The app in question is named DU Antivirus Security and was created by the DU Group, a company part […]
Researchers Discover New Android Banking Trojan
Security researchers have detected a new Android banking trojan by the name of Red Alert 2.0 that was developed during the past few months and has been recently rolled out into distribution. According to a report shared with Bleeping Computer before publication, security researchers from SfyLabs first saw ads for this trojan on a hacking […]
Intra-Library Collusion Attacks Open the Door for a Whole New Kind of Android Malware
A team of Oxford and Cambridge researchers is the latest to join a chorus of voices sounding the alarm on a new attack vector named Intra-Library Collusion (ILC) that could make identifying Android malware much harder in the upcoming future. The research team has described the ILC attack vector in a research paper released last […]
Android Oreo Bug Bypasses WiFi to Use Mobile Data and Incur Extra Costs
A bug discovered in the recently launched Android 8.0 Oreo spends users’ mobile data allowance, even when the phone’s mobile WiFi connection is enabled. Smartphones can connect to the Internet in two ways. Via a local access point or router (WiFi connection) or by using the mobile carrier’s network (mobile data connection). Most users enable […]
TrustZone Downgrade Attack Opens Android Devices to Old Vulnerabilities
An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system. According to a team of four computer scientists from the Florida State University and Baidu X-Lab, the problem lies in the design of the ARM TrustZone technology, […]
Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors
Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. The vulnerabilities came to light during research carried out by a team of nine computer scientists from the University of California, Santa Barbara. Researchers developed BootStomp to analyze […]