Researchers have warned of a vulnerability present on an estimated 10 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices.The vulnerability resides in the Android KeyStore, a highly sensitive region of the Google-made operating system dedicated to storing cryptographic keys and similar credentials, according to an advisory published this week by IBM security researchers. By exploiting the bug, attackers can execute malicious code that leaks keys used by banking and other sensitive apps, virtual private network services, and the PIN or finger patterns used to unlock handsets. The advisory said Google has patched the stack-based buffer overflow only in version 4.4, aka KitKat, of Android. In an update, IBM said the vulnerability affected only version 4.3, which runs on about 10.3 percent of handsets.
Read more via arstechnica.com
Related articles:
Apple’s ‘kill switch’ leads to a drop in phone thefts – now Google and Microsoft are going to copy it
How to… Access Your Google Location History
How to Dial Up the Privacy on Your Phone
WhatsApp user chats on Android liable to theft due to file system flaw
A Guide to Unlocking Your Twitter Location History
Blackphone goes for Blackberry’s throat in privacy row
