One needs to be careful about what he/she does online
Google’s (GOOG) Android operating system has a security flaw that could allow hackers to impersonate trusted applications and potentially hijack your phone or tablet, according to research released today.
The basic issue is the way in which Android checks—or rather, does not check—that certain applications are what they say they are, according to Bluebox Security, the company that identified the vulnerability. Hence the catchy name, “Fake ID.”
Verifying identity is one of the most fundamental issues online. Is someone logging into a bank account the owner of that account? Is an application what it claims to be? San Francisco-based Bluebox helps companies secure their data on mobile devices, and its staff members work to research and understand the architecture of the mobile operating systems that Bluebox builds onto, says Jeff Forristal, chief technology officer.
Each Android application has its own digital signature—an ID card, in essence. Adobe Systems (ADBE), for example, has a specific signature on Android, and all programs from Adobe have an ID that’s based on that signature. Bluebox discovered that when an application flashes an Adobe ID, for example, Android does not check back with Adobe that it’s an authentic one. That means that a malicious actor could create malware based on Adobe’s signature and infect your system.
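A simplified model of the missing check described above, added here as an illustration; it is not Android's or Bluebox's code. It assumes toy textbook RSA built from fixed primes, and the issuer name, card fields and function names are all constructed for the example.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    # Textbook RSA from two known Mersenne primes: illustration only, not secure
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(card, n):
    # Hash the fields the signature is supposed to cover
    data = f"{card['subject']}|{card['issuer']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, issuer_name, signing_key):
    # The issuer name is only a claim; the signature is what proves it
    card = {"subject": subject, "issuer": issuer_name}
    card["sig"] = pow(digest(card, signing_key["n"]), signing_key["d"], signing_key["n"])
    return card

def weak_check(card, trusted):
    # Flawed: accepts the card if the issuer it names is on the trusted list
    return card["issuer"] in trusted

def strict_check(card, trusted):
    # Hardened: the named issuer's public key must verify the signature
    n = trusted.get(card["issuer"])
    return n is not None and pow(card["sig"], E, n) == digest(card, n)

VENDOR_KEY = make_key(2**61 - 1, 2**89 - 1)    # constructed: held by the real vendor
OTHER_KEY = make_key(2**107 - 1, 2**127 - 1)   # constructed: held by someone else
TRUSTED = {"ExampleVendor": VENDOR_KEY["n"]}   # issuer name -> public modulus

genuine = issue("vendor-plugin", "ExampleVendor", VENDOR_KEY)
forged = issue("lookalike-app", "ExampleVendor", OTHER_KEY)

if __name__ == "__main__":
    for name, card in (("genuine", genuine), ("forged", forged)):
        print(name, "weak:", weak_check(card, TRUSTED), "strict:", strict_check(card, TRUSTED))
```

The name-only check accepts both cards, while the signature check accepts only the one actually signed with the vendor's key.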
The problem isn’t specific to Adobe; a hacker could create a malicious application that impersonates Google Wallet and then access payment and financial data. The same issue applies to administrative software present on some