Android allow any app to make phone call Security Vulnerability

An application normally needs permission and should alert user that it needs permission to make phone call, when it is being installed.
Researchers at Security firm CureSec has discovered a security flaw in the Android system that allows malicious applications to initiate unauthorized phone calls.  

By exploiting this vulnerability, malicious apps can make phone calls to premium-rated numbers and terminate any outgoing calls.  It is also capable of sending Unstructured Supplementary Service Data (USSD) codes that can be used for enabling call forwarding, blocking your sim cards and so on.


The security bug appears to be introduced in Android Jelly bean 4.1.1  and it exits in all latest versions through Android Kitkat 4.4.2.

CureSec has also released a source code and proof-of-concept application to demonstrate the existence of vulnerability

Comments

Popular posts from this blog

Autonomous mobile additive manufacturing robot runs circles around traditional 3D printers

How to hack your xbox 360 completely

The power of Bluetooth 4.0