According to the findings of security Jon Oberheide allows the smartphone operating system, Android even more far-reaching intervention by the system manufacturer, as with the possibility of unquestioned Delete Apps already known was installed. Accordingly, devices talk Android on the service GTalkService a permanent connection to Google's GTalk servers to receive broadcast from there push messages and process them.
On this news channel, Google - so Overhead - not only calls the function send REMOVE_ASSET, then delete the user without the participation of an app from the device, but also stimulate the function INSTALL_ASSET unasked, which then sets up a new autonomous piece of software on the device.
Oberhide sees the possibility of a system operator could remove him disagreeable applications on the devices of the customers, not even the biggest risk.After all, Google has previously used these occasions only. To pull demo programs with exploits of vulnerabilities from the market. Apple apparently has similar opportunities for "cleaning" of iPhones, but it seems like so far not use.
Should it succeed, however, an attacker to plug than the man-in-the-middle in GTalk said connections of Android phones, it could cause, through the secret uploading malware significant damage, said Chief Heath.
In this respect, the situation in Android smartphones with a theoretical risk of malware entering the required system connections are exactly the other way as with Apple's iPhone. There are already real worms circulating the Internet known , although not the standard connections of the iPhone OS for the course came through, but rather by user activity for a so-called jailbreak, so the Apple undesirable softening of this server connection. A security issue iPhones from outside attack via SMS , Apple has become known quickly suppressed by the.
BlogCatalog
Leave a Reply