The experts were informed about a serious vulnerability in Android Cell phones
Specialists in information security company Trustwave found in the mobile operating system Android vulnerability that could be exploited by attackers to steal users ' personal data, reports CNET News. The SDK Android allows you to create an application that will run in the background and keep track of which program is currently active, the researchers said Nicholas Percoco (Nicholas Percoco) and Sean Schulte (Sean Schulte). This application can automatically switched to the active mode, they stress. Percoco and Schulte, speaking at the hacker conference DefCon, stated that this feature of Android can be used to show the user pop-up advertisements or perform phishing attacks. For example, a malicious program can simulate the login screen Facebook and display it on top of the login screen this Facebook when the user starts the client social networks on your smartphone. In this case, the username and password that will be entered by the user will be redirected to the attackers. The researchers noted that "fake" login screen will not be able to close it by pressing the "Back" button. In a report published on the website Trustwave, they said that the vulnerability was fixed in Android versions 2.1, 2.2 and 2.3, but it is possible that it may occur in other versions. A spokesperson for Google said that the company is unaware of any evidence discovered vulnerabilities in applications from Android Market for malicious purposes. He also noted that if such an application will appear in the store, it will be deleted..