An unpublicised vulnerability in the WebKit browser code can be used to take control of Android devices, according to security start-up CrowdStrike.
The company is led by chief executive George Kurtz, former CEO of Foundstone and CTO of McAfee; and co-founder and chief technology officer Dmitri Alperovitch, formerly vice president of threat research at McAfee.
The two will unveil the company’s findings at a presentation during this week’s RSA Conference 2012, and will demonstrate how the attack works.
The Android attack falls into the category of Mobile Remote Access Tools (RATs), which allow an attacker full control of a mobile device such as a tablet or smartphone, CrowdStrike said.
The exploit makes use of a malicious, but seeming trustworthy, email message aimed at tricking a user into clicking on a link, Alperovitch told Reuters. Because the flaw is in WebKit, a browser code base used widely on platforms including RIM’s BlackBerry, Google’s Chrome browser and Apple iOS devices as well as Android, the attack could be made to work on practically every smartphone, Alperovitch said.
He said the attack currently works on Android 2.2 (‘Froyo’) and will shortly be updated to work on Android 2.3 (‘Gingerbread’). CrowdStrike has not yet attempted to develop the attack on iOS or Chrome, Alperovitch said.
While at McAfee last year Alperovitch led the team that discovered what was described at the time as the largest known co-ordinated cyber attack, dubbed Operation Shady RAT, targeting national governments including those of the US and Taiwan as well as international bodies such as the UN and the International Olympic Committee. The attack was believed to have originated from China’s national government.
CrowdStrike, too, will focus on attacks originating from nation-states, and will develop a new technology aimed at exposing such attacks before companies are infiltrated, Alperovitch said.
Malware targeting Android grew by 3,325 percent in 2011, according to a recent report from Juniper Networks. Android malware accounted for about 46.7 percent of unique malware samples that targeted mobile platforms, followed by 41 percent for Java Mobile Edition.
How well do you know Internet security? Try our quiz and find out!
Most people in the United States view TikTok as a Chinese influence tool a poll…
UK regulator confirms it is investigating whether OnlyFans is doing enough to prevent children accessing…
Dismissed staff file complaint with a US labor board, and allege Google unlawfully terminated their…
Elon Musk dismisses two senior Tesla executives, plus the entire division that runs Tesla's Supercharger…
Eight newspaper publishers in the US allege Microsoft and OpenAI used their millions of their…
US judge sentences Binance founder, Changpeng Zhao, to four months in prison for ignoring money…