Pages

Attackers could’ve taken advantage of a vulnerability in Google Search Android app

Cyber attacks are the reason why software are getting more and more advanced to counter such attacks. Unfortunately, while software are getting better, cyber attacks are getting more sophisticated as well. Recently a report has been released by Oversecured, according to which Google's Android application with over 5 billion downloads has nearly missed getting attacked by hackers who could’ve get their hands on the personal data of the victim from Gmail to their browsing history. The researcher who discovered this potential threat believes that if people will use the latest version of application, they can prevent themselves from getting attacked.

This research was carried out by Sergey Toshin. He himself is famous for building up security systems for smartphones. He explained how the operating system works on Android devices. He told that android software works with the assistance of other apps well. Such as their codes and files to launch the application properly. If the hacker gets successful in tempering the codes which leads the operating system to read the tampered codes. Once these codes are read, hackers will get access to all the files of that user which can be used against them. Toshin didn’t just talked about it he also proved his concept as well to show how real things can go.

He merged android’s software with 3 susceptible to attack applications. He showed how new codes could be added easily in the Play Core library of Google. When the library was used by android app, it began to take over the device like a rogue app and got itself an access to every file. The serious part about this attack is that it will remain there even if the user uninstalls the application.

Toshin explained that the attack is so silent, the hacker can use their phone to make calls, send texts have an access to the contacts and phone history. They can even turn on the camera without letting the victim know. These attacks are not linked with this app only. Many other apps including TikTok has also hosted such weaknesses that can be used against the user.

After discovering this vulnerability they informed the tech giant and got themselves awarded for pointing this out. As a safety measure, Google worked it out and announced that the users can now update their app if they haven’t. They told that Google appreciate the efforts made by Oversecured and since the app has been updated, they didn’t get to hear any news related to the cyber attack.



Read next: Google is making browsing experience far more convenient for Search users through its new tests

No comments:

Post a Comment