Android Flaw Hijack Apps
Android |
Remember Strandhogg?
Android ko prabhaavit karane vaalee ek suraksha bhedyata jo
durbhaavanaapoorn Application upayogakartaon ko nakalee interface pradarshit
karane ke lie lakshit divais par install kie gae kisee bhee any app ke rop
mein bhi chedachad karane ke lie shoshan kar sakatee hai, unhen sanvedanashel
janakaree dene mein dhokha detee hai.
Android Flaw Affects / Hijack Apps
Norwegian cybersecurity sikyoritee risarchaars kee ek hee team
ne aaj Android operating system ko prabhaavit karane vaalee ek nayee mahatvaapoorn
bhedyata (CVE-2020-0096) ke vivaran ka anaavaran kiya, jo hamalaavaron ko Strandhogg
hamale ke adhik parishkt sanskaran ko le jane kee anumati de sakata hai.
Dabd Straindahog 2.0, naee bhedyata sabhee Android Devices ko
prabhaavit karatee hai, mobile operating system ke naveenatam sanskaran, Android
kyoo / 10 ko chhodakar, jo durbhaagy se, kul Android-sanchaalit ka keval 15-20%
par chal raha hai. upakaranon, arabon smart phone ko chhodakar hamalaavaron ke
lie asurakshit.
Straindahog 1.0 Android ke malteetaasking futures mein nivaas
kiya gaya tha, jabaki naya straindahog 2.0 dosh mool roop se visheshaadhikaar
bhedyata ka ek utthaan hai jo haikars ko lagabhag sabhee app tak pahunch praapt
karane kee anumati deta hai.
Jaisa ki pahale bataaya gaya hai, jab koee upayogakarta kisee
vaidh app ke icon ko tap karata hai, straindahog kamajoriyon ka shoshan karane
vaala mailaveyar vaastavik Application lonch karane ke bajaay upayogakarta ko
ek nakalee interface pradarshit karane ke lie is gatividhi / kaary ko baadhit
aur baadhit kar sakata hai.
Haalaanki, straindahog 1.0 ke vipareet, jo keval ek samay
mein ek par hamala kar sakata hai, naveenatam dosh hamalaavaron ko "ek
batan ke sparsh mein ek saath die gae divais par lagabhag kisee bhee app par
gatisheel roop se hamala kar sakata hai, sabhee ko pratyek lakshit ke lie
poorv-konfigareshan kee aavashyakata ke bina. Application.
Straindahog dosh sambhaavit roop se khataranaak aur
sambandhit hain:
lakshit upayogakartaon ke lie hamale ko pahachaanana lagabhag
asambhav hai,
Yah vinyaas kee aavashyakata ke bina kisee lakshit divais par
sthaapit kisee bhee app ke lie interface ko Hijack karane ke lie istemaal kiya
ja sakata hai,
Isaka upayog kisee bhee upakaran kee anumati ke lie
dhokhaadhadee se kiya ja sakata hai, isaka upayog bina root ekses ke kiya ja sakata hai,
Yah q ko chhodakar android ke sabhee sanskaranon par kaam
karata hai.
Yah divais par kaam karane ke lie kisee vishesh anumati kee
aavashyakata nahin hai.
Ek aashvast nakalee skreen ke maadhyam se login kredenshiyals
choree karane ke alaava, mailaveyar app upayogakartaon ko ek vaidh app ke roop
mein sanvedanasheel divais anumatiyon ko dene mein dhokha dekar apanee
kshamataon ko kaaphee badha sakata hai.
Straindahog 2.0 ka upayog karate hue, hamalaavar device
par ek baar durbhaavanaapoorn app install karane, nijee esemes sandeshon aur
tasveeron tak pahunch praapt karane, peediton ke login kredenshiyals choree
karane, jeepeees aandolanon ko traik karane, aur / ya phone par baatacheet
karane, aur ek phon ke maadhyam se jaasoosee kar sakate hain. kaimara aur micro
phone, shodhakartaon ne kaha.
Surakshaa shodhakartaoin ne pichhale saal December mein google
ko naye bhedyata kee jimmedaree dee.
usake baad, google ne ek paich taiyaar kiya aur ise April
2020 mein smart phone nirmaan kampaniyon ke saath saajha kiya, jinhonne ab is maheene
ke lie apane sambandhit upayogakartaon ko software update rol aaut karana
shuroo kar diya hai.
haalaanki, kaary apaharan hamalon ko rokane ya unaka pata
lagaane ka koee prabhaavee aur vishvasaneey tareeka nahin hai, phir bhee
upayogakarta straindahogag 1.0 kee riporting karate samay hamaare dvaara saajha
kee gaee visangatiyon par nazar rakh kar aise hamale kar sakate hain, jaise:
aap pahale se log in hain ek app ek login ke lie poochh raha
hai,
anumati popap jisamen app ka naam nahin hai,
Anumatiyan us app se pochee jaatee hain jisake lie usake
dvaara manage gaee anumatiyon kee aavashyakata ya aavashyakata nahin hotee
hai,
batan aur link yoojar interface mein click karane par kuchh
nahin karate,
baik batan apeksha ke anuroop kaam nahin karata hai.
yah lekh rochak laga? hamaare dvaara post kee gaee vishesh
saamagree ko padhane ke lie thn ko facebook, twitter, aur LinkedIn par follow
karen.
0 Comments