Stories
Slash Boxes
Comments

SoylentNews is people

Capture Google Login on Desktop to Break Into Android

posted by cmn32480 on Sunday June 28 2015, @09:12AM   Printer-friendly
from the the-only-way-to-be-secure-is-not-to-network dept.

FakeBeldin writes:

Security researchers of the security group at the Free University of Amsterdam found a hole in Android. The scoop in Dutch - news is 10hrs old at time of writing, I didn't find an English source yet. Heck, the university hasn't even put out a press release, even though this is currently making a splash in the Dutch news.

In short, the researchers hacked the user's (desktop) browser and then installed (via this browser) a malicious app on the phone.This gave them basically full control over the phone: turning camera on/off, replacing installed apps with malicious versions, intercepting text messages, etc. In fact, they used this to reduce a common version of two-factor authentication (know password and have phone) to only one factor: they managed to intercept verification codes (text messages) sent by a bank.

The problem is not in a specific version of Android, but in the deep integration between Google's websites and Android. Google has been made aware of the problems late 2014, but has yet to publicly reply.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Capture Google Login on Desktop to Break Into Android | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Nerdfest on Sunday June 28 2015, @04:16PM

    by Nerdfest (80) on Sunday June 28 2015, @04:16PM (#202443)

    DuckDuckGo is a good alternative for privacy from what I can tell. For the rest of the services, it's hard to beat Google's security though. They've got a pretty good track record for a company that size. Same for privacy (private from others, not Google themselves obviously). I think there's some encouragement for them to have good security as their business depends on it. Microsoft's security on the cloud side of things has been decent as well (surprisingly) but their reliability is relatively poor.

    I think the big knock against Google is having a single company with so much information about you; you need to weigh that against how valuable their services are to you and decide whether or not it's worth it to you. Don't forget to take into account what would happen in the case of a total compromise. Also keep in mind that the same could happen even to a service that you pay for.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Sunday June 28 2015, @07:26PM

    by Anonymous Coward on Sunday June 28 2015, @07:26PM (#202482)

    I'm hard pressed to think of anyone I want to be secure against more than Google. Well, Facebook. But honestly, I'm wondering what information I'd rather Google had about me than some hacker in Russia./p