|
It has been observed that there is an increase in the adoption of smartphones. Android provides a permission based security model which requires each application to request permissions before it can be installed to run in order to manage information and features on smartphones. An analysis consisting of eight Android Smartphones was conducted and researchers have discovered that the stock phone images do not properly enforce the permission model. A number of privileged permissions are exposed to other applications that do not require request for using them. Researchers have developed a tool known as Woodpecker to identify these leaked permissions or capabilities. The results have demonstrated that an untrusted application can exploit these leaked permissions to wipe out user data, send SMS messages or record user conversion on the vulnerable smartphones without user permission.
Read more: http://www.csc.ncsu.edu/faculty/jiang/pubs/NDSS12_WOODPECKER.pdf
Source:
Team Cymru
http://www.team-cymru.org/News/
North Carolina State University
http://www.csc.ncsu.edu/faculty/jiang/pubs/NDSS12_WOODPECKER.pdf
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
