Bug in Android allows attackers to steal authentication data


According to security researchers, there is a bug in KeyStore, the component of Android that stores authentication data such as cryptographic keys, PINs and unlock patterns. Attackers could extract and misuse this data.

The research was published by IBM security researchers. The bug in Android's KeyStore is a stack buffer overflow that allows attackers to retrieve authentication information. On their website, the researchers explain in detail how the bug can be exploited.

According to the discoverers, publication was delayed until Google had fixed the bug, which has now happened. As of Android KitKat (version 4.4.x) the bug should no longer be exploitable, but many users still run an older version of the mobile operating system, so many Android devices remain susceptible.

By exploiting the bug, attackers could obtain authentication data for services used on the affected Android device, for example credentials for payment services and banks. Exploitation requires the ability to execute code on the device, however, so an attacker must first get malware installed on a vulnerable device. It is not clear whether the vulnerability in KeyStore is already being exploited.
