Android Multitasking Vulnerability Discovered

Yep, another Android vulnerability.

Security Researchers, Chuangang Ren and Peng Liu, both from the Pennsylvania State University; Yulong Zhang, Hui Xue, and Tao Wei, all from FireEye, released a paper at the USENIX Security 15 conference in Washington DC last week, revealing a security flaw in Android that affects the mobile operating system’s multitasking functionality.   According to the paper, Towards Discovering and Understanding Task Hijacking in Android, all versions of Android are vulnerable, and the list of exploits for the flaw is long: user spoofing, behavior monitoring, Denial of Service attacks (DDoS), ransomware, and credential stealing.

“Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization,” the paper read, ”However, the security implications of Android multitasking remain under-investigated.”

The team collected and studied over 6.8 million apps from multiple Android markets, and claim that task hijacking risk runs rampant through them.  The researchers have notified Android, but there is no news of a fix at the present time.

It’s been a rough month for Android, as news of this vulnerability follows shortly on the heels of the announcement on the the Stagefright vulnerability which allows someone to take over an Android simply by sending a multimedia message, the cerifigate vulnerability, and  CVE-2015-3825, a privilege escalation vulnerability.

 

For information on how you can prevent your organization from being breached, visit www.miltonsecurity.com or call 714-515-4011.

 

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *