Search This Blog

Powered by Blogger.

Blog Archive

Labels

Security Vulnerability in Android allows any app to make phone calls

Researchers at Security firm CureSec has discovered a security flaw in the Android system that allows malicious applications to initiate unauthorized phone calls.
An application normally needs permission and should alert user that it needs permission to make phone call, when it is being installed.

Researchers at Security firm CureSec has discovered a security flaw in the Android system that allows malicious applications to initiate unauthorized phone calls. 

By exploiting this vulnerability, malicious apps can make phone calls to premium-rated numbers and terminate any outgoing calls.  It is also capable of sending Unstructured Supplementary Service Data (USSD) codes that can be used for enabling call forwarding, blocking your sim cards and so on.

The security bug appears to be introduced in Android Jelly bean 4.1.1  and it exits in all latest versions through Android Kitkat 4.4.2.

CureSec has also released a source code and proof-of-concept application to demonstrate the existence of vulnerability.

The bug has been fixed in the latest version of android (v4.4.4).
Share it:

Featured

Security News

Vulnerability