安卓系统存在安全漏洞
文章来源:未知 文章作者:enread 发布时间:2013-04-18 07:44 字体: [ ]  进入论坛
(单词翻译:双击或拖选)
Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent(欺骗性的) messages to be posted, according to researchers at the University of California, Davis. Zhendong Su, professor of computer science, said that his team has notified the app developers of the problems, although it has not yet had a response.
 
The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially1 on the Android platform, which has about a half-billion users worldwide. Android is quite different from Apple's iOS platform, but there may well be similar problems with iPhone apps, Xu said.
 
The victim would first have to download a piece of malicious2(恶意的) code onto their phone. This could be disguised as or hidden in a useful app, or attached to a "phishing(网络钓鱼)" e-mail or Web link. The malicious code would then invade the vulnerable programs.
 
The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.
 
"It's a developer error," Xu said. "This code was intended to be private but they left it public."
 
Su and Xu, with UC Davis graduate student Fangqi Sun and visiting scholar Linfeng Liu, Xi'an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.
 
Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including "private" messages.
 
WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user's phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.
 
Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.


点击收听单词发音收听单词发音  

1 initially 273xZ     
adv.最初,开始
参考例句:
  • The ban was initially opposed by the US.这一禁令首先遭到美国的反对。
  • Feathers initially developed from insect scales.羽毛最初由昆虫的翅瓣演化而来。
2 malicious e8UzX     
adj.有恶意的,心怀恶意的
参考例句:
  • You ought to kick back at such malicious slander. 你应当反击这种恶毒的污蔑。
  • Their talk was slightly malicious.他们的谈话有点儿心怀不轨。
TAG标签: security apps Android
发表评论
请自觉遵守互联网相关的政策法规,严禁发布色情、暴力、反动的言论。
评价:
表情:
验证码:点击我更换图片