
Android design flaw may allow phishing


A possible design flaw in Google Inc.’s Android operating system may allow annoying ads – or worse, phishing attacks by data thieves, researchers said over the weekend.

The “Focus Stealing Vulnerability” allows an app to steal the focus on the device – potentially allowing a spoof app to silently take the place of a legitimate app being used.

Nicholas Percoco, senior vice president and head of SpiderLabs at Trustwave, said developers can create apps that may display fake bank login pages while a user is using the legitimate bank app, tech site CNET reported.

According to the CNET report, the researchers created a proof-of-concept tool: a game that triggers fake displays for Facebook, Amazon, Google Voice, and the Google e-mail client. Percoco said that the tool hides inside a legitimate app and registers as a service so it comes back up after the phone reboots.

The CNET report pointed to a demo, which showed a user opening up the app and seeing the log-in screen for Facebook, with just a brief screen blip as the only indication that something odd had happened. The blip was so quick that many users are not likely to notice it. The fake screen then replaces the legitimate one, so a user may not be able to tell that something is wrong.

Annoying ads

Similarly, the design flaw can be exploited by advertisers, this time to deliver pop-up ads, getting nasty if the advertisers program their ads to steal focus when a competitor’s ad is viewed.

“So the whole world of ads fighting with each other on the screen is possible now,” said Percoco.

Percoco said the researchers spoke to someone at Google about the findings some weeks back. He said the individual acknowledged that there was an issue and said Google was trying to fix it without affecting legitimate apps.

Android design flaw

Percoco said that under Android, apps that want to communicate with the user while a different app is being viewed will push an alert to the notification bar at the top of the screen.

But he said an application programming interface in Android’s Software Development Kit can be used to push a particular app to the foreground. Sean Schulte, SSL (Secure Sockets Layer) developer at Trustwave, added that Android allows one to override the standard behavior of the back button.

“Because of that, the app is able to steal the focus and you’re not able to hit the back button to exit out,” Percoco said. — TJD, GMA News
