Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
Using VPNs for Android can help people keep their phones and tablets safe from the latest threat to mobile security. Trend Micro has discovered a new SSL vulnerability that affects Android users. It can fake authentication and open a long term window. This allows huge malware payloads to get through mobile defense systems. VPNs for Android add layers of security to Internet traffic that can help ward off these attacks.
Back in February, an SSL implementation problem was found in Apple devices. Like this, the new SSL authentication issue for Android pertains to proper connection authentication. This time, a segment of code has been found to be corrupted. This means a whole new set of exploits than can be used against Android users. SSL authentication is used for the verification of communications between mobile devices and mainstream app hosting servers. It also affects the servers for services that are found in the Android operating system.
Hackers are able to use the defective code to trick SSL servers. The servers let them through as legitimate traffic. Hackers are then able to get through because most anti-hacker systems cannot detect it. This allows the hackers access for longer periods and gives them the ability to inject larger payloads. Android user data streams can be loaded with infected data for months on end without anyone noticing.
Android users have been victims of many hacks in the past few years especially because Android users outnumber those of any other OS type. The sheer number of Android users attracts hackers because one successful exploit can lure in many more victims. This SSL exploit is different, however, because it has a special way of stripping users’ financial credentials from each session where a transaction is executed. Because it fakes SSL authentication, the attack allows hackers to snoop on user traffic to even secure banking sites. Snooping on email and social media with the exploit is a breeze. Google has been contacted about the issue, but they have yet to respond as to what they are doing to patch this security hole.
Hackers Choose SLL Exploits Because They are Easy
The question has often been asked, why an SSL exploit? It is new, and other common attacks have worked well against the Android OS. Seven Shen, a mobile threat analyst with Trend Micro, explained the evasion technique in a blog post. Shen says that one reason is that SSL traffic is not easily noticeable. This means that the hackers can inject lots of code that would not be uncovered quickly. Common TCP-based traffic analysis systems do not pick it up. He also says that SSL services and servers are easy for hackers to get into. This may shock some users, but remember that SLL can be easily bought through web hosts or from a new Twitter account.
One big problem with this new breed of SSL attacks is that it can and probably will get more complex. Shen says that catching the malware may not be adequate for user protection. Server administrators and other affected systems will have to cooperate with security analysts to strip offending email addresses and URLs associated with the exploits.