Wednesday, July 25, 2012

Trustwave Identified a Flaw in Google Play App Security Filter

Trustwave, a cybersecurity firm, said it has discovered a flaw in the Google Play security filter that permits a verified application to be updated with malicious code. The problem lies in Google Bouncer, an automatic system that checks freshly posted apps. Trustwave tested it by submitting to Google for verification an app called SMS Blocker, which blocks a contact. Because the app was legitimate, Bouncer verified it. Trustwave then updated the app with code that can view the user’s phone records, contacts and photos. The update containing the code can even launch malicious websites.

Tomorrow, Trustwave’s researchers will present their strategy at the Black Hat security conference. Google should be listening carefully.


