Friday, December 23, 2011

Android remote shell via no-permission applications

Android's permission management architecture suffers from a vulnerability that allows an attacker to access the system via a remote shell. In this video ... explains how a "no-permission application" - one that does not request any sensitive permission in order to work - can be exploited.

From the original post:

"It is not a zero-day exploit or a root exploit. We are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel."

I think that the issue is a matter of the "Least Privilege" principle!

Saturday, December 10, 2011

Carrier IQ

The Carrier IQ software case made top headlines in the news. As mobile device usage increases, more user privacy issues arise.