Re: [id-android] Wti :Two Android Vulnerabilities Allow Malicious Apps To Install On Your Device Without Your Permission
Bukti kalo Android makin populer, layaknya OS Jendela :D #mudah2an ga kek OS Jendela yang butuh antivirus, firewall etc dan hampir 6bulan sekali install ulang #curhat pengalaman pribadi :D On Wed, Sep 21, 2011 at 8:39 AM, Agus Ruliyanto agusruliya...@gmail.comwrote: Lama2 butuh firewall dah hahay..buat ngemplang exploit atau trojan On Sep 21, 2011 7:37 AM, Defriando Riza defriando.r...@gmail.com wrote: Waspadalah... Waspadalah...   http://phandroid.com/2011/09/20/2-android-bugs-allow-malicious-apps-to-install-on-your-device-without-your-permission/androidinfected-3/ About a month ago, two Android researchers were able to find two vulnerabilities within the Android OS that have yet to be addressed or patched up by Google in the latest Android updates. What exactly are these vulnerabilities? Well, the first bug is called a “permission-escalation vulnerability” and apparently, it affects all Android users. The exploit allows for an app to be installed without a user approving of the permissions typically required when installing an app. For instance, say you were to install a seemingly harmless (but infected) app from the Market. A hacker could then use this vulnerability in Android to gain additional malicious permission privileges after an install. The second exploit is known as a “Linux kernel privilege escalation” and it allows for an unprivileged application to escalate or gain privileges and gain full control over a device. Last year, Jon Oberheide, one of the researchers who discovered these 2 vulnerabilities, was able to upload an app disguised as an “Angry Birds expansion pack” into the Android Market. Once downloaded, without any user knowledge or input, the expansion pack was able to install three additional apps that monitored a phone’s contacts, location information and text messages. That data could then be transmitted to a remote server. Jon “O” had this to say, The Android Market ecosystem continues to be a ripe area for bugs. There are some complex interactions between the device and Google’s Market servers which has only been made more complex and dangerous by the Android Web Market. Both Oberheide and his fellow researcher Zach Lanier plan to speak more about these Android vulnerabilities at a two-day training course taking place at the SOURCE conference in Barcelona later this year. You can find a video from Oberheide showing off these Android bugs on his Nexus Shttp://phandroid.com/nexus-s/down below. [Via TheRegister http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/ ] Read full article at http://phandroid.com/2011/09/20/2-android-bugs-allow-malicious-apps-to-install-on-your-device-without-your-permission/ Sent from Mr.Incredible -- Indonesian Android Community Join: http://forum.android.or.id === Join ID-ANDROID Developers http://groups.google.com/group/id-android-dev - Gunakan Paket Unlimited Data XL Mobile Broadband http://www.xl.co.id/XLInternet/BroadbandInternet PING'S Mobile - Plaza Semanggi E-mail: i...@pings-mobile.com Ph. 021-25536796 i-gadget Store - BEC Bandung E-mail: a...@i-gadgetstore.com Ph. 0812-2191 Toko EceranShop - BEC Bandung E-mail: wi...@eceranshop.com Ph. 0815-56599888 === Aturan Jualan dan Kloteran ID-Android http://goo.gl/YBN21 -- Indonesian Android Community Join: http://forum.android.or.id === Join ID-ANDROID Developers http://groups.google.com/group/id-android-dev - Gunakan Paket Unlimited Data XL Mobile Broadband http://www.xl.co.id/XLInternet/BroadbandInternet PING'S Mobile - Plaza Semanggi E-mail: i...@pings-mobile.com Ph. 021-25536796 i-gadget Store - BEC Bandung E-mail: a...@i-gadgetstore.com Ph. 0812-2191 Toko EceranShop - BEC Bandung E-mail: wi...@eceranshop.com Ph. 0815-56599888 === Aturan Jualan dan Kloteran ID-Android http://goo.gl/YBN21 -- Indra D. Kusuma -- Indonesian Android Community Join: http://forum.android.or.id === Join ID-ANDROID Developers http://groups.google.com/group/id-android-dev - Gunakan Paket Unlimited Data XL Mobile Broadband http://www.xl.co.id/XLInternet/BroadbandInternet PING'S Mobile - Plaza Semanggi E-mail: i...@pings-mobile.com Ph. 021-25536796 i-gadget Store - BEC Bandung E-mail: a...@i-gadgetstore.com Ph. 0812-2191 Toko EceranShop - BEC Bandung E-mail: wi...@eceranshop.com Ph. 0815-56599888 === Aturan Jualan dan Kloteran ID-Android http://goo.gl/YBN21
[id-android] Wti :Two Android Vulnerabilities Allow Malicious Apps To Install On Your Device Without Your Permission
Waspadalah... Waspadalah...  http://phandroid.com/2011/09/20/2-android-bugs-allow-malicious-apps-to-install-on-your-device-without-your-permission/androidinfected-3/ About a month ago, two Android researchers were able to find two vulnerabilities within the Android OS that have yet to be addressed or patched up by Google in the latest Android updates. What exactly are these vulnerabilities? Well, the first bug is called a “permission-escalation vulnerability” and apparently, it affects all Android users. The exploit allows for an app to be installed without a user approving of the permissions typically required when installing an app. For instance, say you were to install a seemingly harmless (but infected) app from the Market. A hacker could then use this vulnerability in Android to gain additional malicious permission privileges after an install. The second exploit is known as a “Linux kernel privilege escalation” and it allows for an unprivileged application to escalate or gain privileges and gain full control over a device. Last year, Jon Oberheide, one of the researchers who discovered these 2 vulnerabilities, was able to upload an app disguised as an “Angry Birds expansion pack” into the Android Market. Once downloaded, without any user knowledge or input, the expansion pack was able to install three additional apps that monitored a phone’s contacts, location information and text messages. That data could then be transmitted to a remote server. Jon “O” had this to say, The Android Market ecosystem continues to be a ripe area for bugs. There are some complex interactions between the device and Google’s Market servers which has only been made more complex and dangerous by the Android Web Market. Both Oberheide and his fellow researcher Zach Lanier plan to speak more about these Android vulnerabilities at a two-day training course taking place at the SOURCE conference in Barcelona later this year. You can find a video from Oberheide showing off these Android bugs on his Nexus Shttp://phandroid.com/nexus-s/down below. [Via TheRegisterhttp://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/ ] Read full article at http://phandroid.com/2011/09/20/2-android-bugs-allow-malicious-apps-to-install-on-your-device-without-your-permission/ Sent from Mr.Incredible -- Indonesian Android Community Join: http://forum.android.or.id === Join ID-ANDROID Developers http://groups.google.com/group/id-android-dev - Gunakan Paket Unlimited Data XL Mobile Broadband http://www.xl.co.id/XLInternet/BroadbandInternet PING'S Mobile - Plaza Semanggi E-mail: i...@pings-mobile.com Ph. 021-25536796 i-gadget Store - BEC Bandung E-mail: a...@i-gadgetstore.com Ph. 0812-2191 Toko EceranShop - BEC Bandung E-mail: wi...@eceranshop.com Ph. 0815-56599888 === Aturan Jualan dan Kloteran ID-Android http://goo.gl/YBN21
Re: [id-android] Wti :Two Android Vulnerabilities Allow Malicious Apps To Install On Your Device Without Your Permission
Lama2 butuh firewall dah hahay..buat ngemplang exploit atau trojan On Sep 21, 2011 7:37 AM, Defriando Riza defriando.r...@gmail.com wrote: Waspadalah... Waspadalah...   http://phandroid.com/2011/09/20/2-android-bugs-allow-malicious-apps-to-install-on-your-device-without-your-permission/androidinfected-3/ About a month ago, two Android researchers were able to find two vulnerabilities within the Android OS that have yet to be addressed or patched up by Google in the latest Android updates. What exactly are these vulnerabilities? Well, the first bug is called a “permission-escalation vulnerability” and apparently, it affects all Android users. The exploit allows for an app to be installed without a user approving of the permissions typically required when installing an app. For instance, say you were to install a seemingly harmless (but infected) app from the Market. A hacker could then use this vulnerability in Android to gain additional malicious permission privileges after an install. The second exploit is known as a “Linux kernel privilege escalation” and it allows for an unprivileged application to escalate or gain privileges and gain full control over a device. Last year, Jon Oberheide, one of the researchers who discovered these 2 vulnerabilities, was able to upload an app disguised as an “Angry Birds expansion pack” into the Android Market. Once downloaded, without any user knowledge or input, the expansion pack was able to install three additional apps that monitored a phone’s contacts, location information and text messages. That data could then be transmitted to a remote server. Jon “O” had this to say, The Android Market ecosystem continues to be a ripe area for bugs. There are some complex interactions between the device and Google’s Market servers which has only been made more complex and dangerous by the Android Web Market. Both Oberheide and his fellow researcher Zach Lanier plan to speak more about these Android vulnerabilities at a two-day training course taking place at the SOURCE conference in Barcelona later this year. You can find a video from Oberheide showing off these Android bugs on his Nexus Shttp://phandroid.com/nexus-s/down below. [Via TheRegister http://www.theregister.co.uk/2011/09/20/google_android_vulnerability_patching/ ] Read full article at http://phandroid.com/2011/09/20/2-android-bugs-allow-malicious-apps-to-install-on-your-device-without-your-permission/ Sent from Mr.Incredible -- Indonesian Android Community Join: http://forum.android.or.id === Join ID-ANDROID Developers http://groups.google.com/group/id-android-dev - Gunakan Paket Unlimited Data XL Mobile Broadband http://www.xl.co.id/XLInternet/BroadbandInternet PING'S Mobile - Plaza Semanggi E-mail: i...@pings-mobile.com Ph. 021-25536796 i-gadget Store - BEC Bandung E-mail: a...@i-gadgetstore.com Ph. 0812-2191 Toko EceranShop - BEC Bandung E-mail: wi...@eceranshop.com Ph. 0815-56599888 === Aturan Jualan dan Kloteran ID-Android http://goo.gl/YBN21 -- Indonesian Android Community Join: http://forum.android.or.id === Join ID-ANDROID Developers http://groups.google.com/group/id-android-dev - Gunakan Paket Unlimited Data XL Mobile Broadband http://www.xl.co.id/XLInternet/BroadbandInternet PING'S Mobile - Plaza Semanggi E-mail: i...@pings-mobile.com Ph. 021-25536796 i-gadget Store - BEC Bandung E-mail: a...@i-gadgetstore.com Ph. 0812-2191 Toko EceranShop - BEC Bandung E-mail: wi...@eceranshop.com Ph. 0815-56599888 === Aturan Jualan dan Kloteran ID-Android http://goo.gl/YBN21
