80% Of All Android Phones Are At Risk

_20140808_200944

Recently a well-known and recommended security research organization found a vulnerability in the legitimate certificate validation of the Android system. Hackers can create malicious apps to imitate trusted Android system apps such as Adobe Flash Plug-in, 3LM, etc. Malicious applications will then operate stealthily in user’s mobile devices, secretly stealing account numbers, passwords and other private information, making it a huge threat to all users.

How hackers forge trusted apps

Every Android application has its own certificate which serves as a unique identifier in the Android system, like an ID card. The Android system verifies the authenticity of an app only by referring to this ID. Once the ID is trusted, the app can carry out its operations as requested by users. Apps continue to be authenticated as long as they keep the same ID. In the real world, if one person holds the ID card of another, they can spoof that person’s identity and carry out certain transactions.

Impact of the Fake ID vulnerability

Currently the vulnerability affects devices running Android system versions from 2.1 to 4.3, which encompasses over 80% of Android users, or 100 million people worldwide.

As the Android system reports the malware as having a trusted ID, it’s difficult for the user to detect. For example, once a fake Adobe Flash ID malicious application has been verified by the system and installed on a device, it will be automatically loaded along with a browser and can then steal account credentials for online banking or social networking sites. Android will not know anything is wrong, as it thinks a trusted app is running.

Google and security vendors actively responded to Fake ID

Google published patch as soon as they discovered the vulnerability, and communicated to Samsung, HTC and other partners. At the same time they updated the Google Play app store to prevent applications that exploit the vulnerability from being added.

Users who can not update the system or install the Google Play Store are still at risk. For users who are part of this category, the CM Security Research Lab has developed a warning module and integrated it into CM Browser, Clean Master and CM Security, to provide instant protection and defense against this issue. Install Clean Master or CM Security immediately to ensure your device’s safety in real-time. As the same time surfing the web with CM Browser to prevent malicious plugins.

_20140808_200922

CM Security Researcher Lab tips:

1. Update your mobile versions to Android 4.4 and above as soon as possible.
2. Download apps from the official Google Play Store to prevent malware infection.
3. Install a reliable antivirus and keep it updated. We recommend using apps Clean Master and CM Security, which were recently awarded title of No.1 antivirus by AV-TEST for the sixth consecutive time.
4. Surfing with a secure browser .

References:

[1] http://bluebox.com/blog/technical/android-fake-id-vulnerability/
[2] https://android.googlesource.com/platform/libcore/+/android-cts-4.1_r4%5E%21/

Posted From Scorpion Sting’s Motorola Droid Maxx!

MVDC Is The Perfect App For Veterans

wpid-thank-you-cover-gplus.png

Many of y’all may not know that the businesses around you and around the United States offer a discount for active duty military and veterans. There are many businesses that offer discounts every day of the year and other businesses that offer discounts or something free on different federal holidays. But how does one keep track of the growing list of places that we might visit all of the time? The answer is MVDC which can be accessed via website or their app, which I found @ Google Play. For your convenience you can just click MVDC here and you will be magically transferred to their great website. I will also be adding a link on the right hand side of this blog for easy access. I use the MVDC app all of the time and I have never, I repeat never, been steered wrong or misinformed. I can’t begin to say enough nice things about MVDC and the vast collection of up to date businesses which offer our military and veterans such great discounts. My hat is off to MVDC and all the businesses who openly support the American military and veterans.

wpid-american-flag-in-the-sun.jpg