Vulnerabilities in Android Devices Allowed Stealing Money and Passwords

Artem Chaykin, an expert at the Positive Research Center, has discovered two critical vulnerabilities in Chrome for Google Android. The vulnerabilities threatened the security of the majority of new smartphones and tablets, since Chrome is the main web browser of the system starting from Android 4.1 (Jelly Bean).

By exploiting the first of the said vulnerabilities, an attacker could get access to user data stored in Google Chrome, including clickstream, cookies, web cashe, etc.

The other vulnerability allowed executing arbitrary JavaScript code in arbitrary site security context. It is a matter of the Universal Cross-Site Scripting. By conducting the attack a cybercriminal could, for example, compromise a bank account of a mobile bank user and steal the money
Thanks to Google’s professional approach, the vulnerabilities in Chrome for Android have been promptly fixed. To eliminate the defects in the browser security system, the user should install a new version of Chrome.

By the way, in 2010 names of several experts of Positive Technologies were placed in Google Security Hall of Fame. In spring 2012 the Positive Technologies expert Dmitry Serebryannikov found a critical vulnerability in the corporation’s site and won an award as part of the Vulnerability Reward Program.

10 thoughts on “Vulnerabilities in Android Devices Allowed Stealing Money and Passwords

  1. I think going through cisco training could enhance their software development. I think they should know the basic of programming so that if they are already creating or forming an application they could assure security and privacy for its users and avoid any malfunctions.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.