The Android's permission management architecture suffers from a vulnerability that allows an attacker to access the system via a remote shell. In this video ... explains how a "no-permission application" - which doesn't ask any sensitive operation permission to work - can be exploited.
from the original post:
"It is not a zero-day exploit or a root exploit. We are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel."
I think that the issue is a matter of the "Least Privilege" principle!
Friday, December 23, 2011
Saturday, December 10, 2011
Carrier IQ
The case of Carrier IQ software was on top headline of news. As mobile device usage increases, more user privacy issues raise.
Subscribe to:
Comments (Atom)