Many Android apps still haven’t fixed a flaw in the Google Play Core library




A client-side vulnerability in the Google Play Core library, patched by the company in April, is still present in many Android applications because their developers have not yet updated the library in those applications.

Security company Check Point said it has been monitoring vulnerable apps since the patch was released.

Explaining the library’s functions, Check Point researchers Aviran Hazum and Jonathan Shimonovich wrote: “The Play Core library is your application’s launch interface with the Google Play Store. Some of the things you can do with Play Core include: downloading additional language resources; managing feature module delivery; managing asset bundle delivery; activating in-app updates; and requesting in-app patches.”

They said the vulnerability could be briefly described like this: “Within each application’s sandbox, there are two folders: one for ‘verified’ files received from Google Play, and one for ‘unverified’ files. Files downloaded from Google Play services go to the verified folder, while files downloaded from other sources are sent to the unverified folder. When a file is written to the verified folder, it interacts with the Google Play Core library, which uploads it and makes it run.

“Another feature, an exported intent, allows other sources to push files to the hosting application sandbox. There are some limitations: the file is inserted into the unverified folder and is not handled automatically by the library.

“The vulnerability lies in the combination of the two features mentioned above and also uses file crossing, a concept as old as the Internet itself. When a third-party source inserts a file into another application, it must provide a path for the file to be written to. If an attacker uses file crossover (../verified_splits/my_evil_payload.apk), the payload is written to the verified folder and is automatically loaded into the vulnerable application and runs within reach.”
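The flaw described above comes down to a missing containment check when a caller-supplied file name is joined to the unverified folder. The following is an added example, not Check Point's or Google's code; the class and method names and the `unverified_splits` folder name are assumptions, and the sandbox is a constructed temp directory:

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;

public class SplitPathCheck {
    // Naive join: trusts the caller-supplied name, so "../" segments escape baseDir.
    static File naiveResolve(File baseDir, String name) {
        return new File(baseDir, name);
    }

    // Hardened join: canonicalise both sides, then require the result to stay under baseDir.
    static File safeResolve(File baseDir, String name) throws IOException {
        File base = baseDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        // Path.startsWith compares whole path components, not string prefixes.
        if (!target.toPath().startsWith(base.toPath()) || target.equals(base)) {
            throw new SecurityException("path escapes " + base + ": " + name);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox layout in a temp directory.
        File sandbox = Files.createTempDirectory("sandbox").toFile();
        File unverified = new File(sandbox, "unverified_splits"); // assumed folder name
        File verified = new File(sandbox, "verified_splits");     // name taken from the article's path
        unverified.mkdirs();
        verified.mkdirs();

        // One ordinary file name and the path quoted in the article.
        String[] names = { "feature_a.apk", "../verified_splits/my_evil_payload.apk" };
        for (String name : names) {
            File naive = naiveResolve(unverified, name).getCanonicalFile();
            System.out.println(name + " -> naive join lands in " + naive.getParentFile().getName());
            try {
                File safe = safeResolve(unverified, name);
                System.out.println("  accepted: " + safe.getName());
            } catch (SecurityException e) {
                System.out.println("  rejected: " + e.getMessage());
            }
        }
    }
}
```

Canonicalising before the comparison also resolves symbolic links, so a link inside the unverified folder that points at the verified one is rejected by the same check.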

Some of the best-known applications that use this library are Google Chrome, Facebook, Instagram, WhatsApp, Snapchat, Booking and Edge.

The researchers said that if a malicious application could exploit the vulnerability, then it could execute code within many popular applications with the same permissions as the application itself.

“The possibilities are limited only by our creativity,” Hazum and Shimonovich said, citing the following examples:

  • Code injection into banking apps to get credentials and at the same time have SMS permissions to steal two-factor authentication codes.
  • Injecting code into commercial applications to access corporate resources.
  • Injecting code into social media apps to spy on the victim and use location access to track the device.
  • Code injection into instant messaging applications to capture all messages and possibly send messages on behalf of the victim.

In September, 13% of Google Play apps analyzed used the library, and 8% had a vulnerable version, the duo found.

The following apps were found to have a vulnerable version of the library: Viber, Booking (both now patched), Cisco Teams (patched December 3), Yango Pro (Taximeter), Moovit (patched December 3), Grindr (patched Dec 3), OKCupid, Microsoft Edge, Xrecorder, and PowerDirector.

“As our demo video [above] shows, this vulnerability is easy to exploit,” Hazum and Shimonovich said. “All you need to do is create a ‘hello world’ application that calls the exported intent on the vulnerable application to send a file to the verified files folder with the file path.

“Then sit back and watch the magic happen. To demonstrate how to target a specific application, we took a vulnerable version of the Google Chrome application and created a dedicated payload to capture its bookmarks.”
