Re: Washington Post says Google sold Android phones with hidden insecure feature

Subject: Re: Washington Post says Google sold Android phones with hidden insecure feature
From: bill (at) *nospam* anarchists.org (Bill Powell)
Newsgroups: comp.mobile.android
Date: 16. Aug 2024, 03:39:04
Organization: Hispagatos.org
Message-ID: <v9me47$b6ur$1@matrix.hispagatos.org>
References: 1 2 3
User-Agent: XanaNews/1.19.1.372 (x86; Portable ISpell)

On Fri, 16 Aug 2024 02:27:32 -0000 (UTC), Andrew wrote:

https://iverify.io/blog/iverify-discovers-android-vulnerability-impacting-millions-of-pixel-devices-around-the-world
iVerify Discovers Android Vulnerability Impacting Millions of Pixel Devices Around the World
Published Aug 14, 2024

Earlier this year, iVerify's EDR capability flagged an Android device at
Palantir Technologies as unsecure, which launched an investigation in
partnership with Palantir and Trail of Bits. The investigation revealed an
Android application package, Showcase.apk, that is part of the firmware.
When enabled, Showcase.apk makes the operating system accessible to hackers
and ripe for man-in-the-middle attacks, code injection, and spyware. The
impact of this vulnerability is significant and could result in data loss
breaches totaling billions of dollars. iVerify notified Google with a
detailed vulnerability report following their 90-day disclosure process.
It's unclear when Google will issue a patch or remove the software from the
phones to mitigate the potential risks.

The Showcase.apk package was developed by Smith Micro, a software company
operating in the Americas and EMEA that provides software packages for
remote access, parental control, and data-clearing tools. Smith Micro
likely designed the package to enhance sales of Pixel and Android phones in
Verizon stores. The app is part of the firmware image, so millions of
Android Pixel phones worldwide could have this application running at the
system level.

The application package is designed to retrieve a configuration file over
unsecured HTTP. It allows the app to execute system commands or modules
that could open a backdoor, making it easy for cybercriminals to compromise
the device. Since this app is not inherently malicious, most security
technology may overlook it and not flag it as malicious, and since the app
is installed at the system level and part of the firmware image, it can not
be uninstalled at the user level.
