Hackers at the DefCon conference have exposed a design flaw in Google’s Android OS that could possibly be used to steal data via phishing and also to bring annoying pop up adverts to Android devices.
According to the guys over at Cnet, if an android smartphone users decided to open a legitimate banking app, a fake pop up could be used with a fake log in page that would collect the users log in information.
According to Nicholas Peroco of SpiderLabs at Trustwave, the flaw, which is called Focus Stealing Vulnerability, could be used for a number of malicious attacks on Android users, Google has responded with the following comment.
Switching between applications is a desired capability used by many applications to encourage rich interaction between applications. We haven’t seen any apps maliciously using this technique on Android Market and we will remove any apps that do.
No doubt Google will be looking into this to make sure that the so called flaw cant be used to steal anyone’s user data.
Source Gotta Be Mobile
