Today, mobile security researchers SkyCure demonstrated a new form of mobile attack supposedly months in development, one that could have the potential to affect millions of devices globally if anyone else happens to come across the same tools used by the whitehat-knights . The code exploits a vulnerability in specific iOS or Android apps which are designed to access an area of the operating system’s architecture, using the pathways to the hardware as a gateway once the line is opened up.
A similar method of penetration known as “SQL-injections” were the favored method of unlocking these keys for over a decade, but recently fell out of favor as companies like Apple and Samsung got more creative with the blueprints they laid out for their devices. With the opportunity to build smartphones from the ground up to suit their OS rather than the other way around as it’s always been with PCs, phone manufacturers have had a unique opportunity to approach security from a standpoint no one has seen since a pre-internet era of encryption.
That’s where this new, improved crack comes in, bypassing the same channels that the two phone developers spent millions of dollars and a number of years trying to close up for good. The researchers threw a short video together to help visualize how apps are made vulnerable to the hack via something called a “301 directive”. This mechanism redirects traffic from the app’s server to the attacker’s (without the user ever knowing they’ve been compromised), and then changes the behavior and structure of the app logic itself to mold it into a flashpoint.
The problem is so prevalent, apparently the team at Skycure couldn’t even name the apps affected. Putting out a list of hundreds of software makers with holes in their code isn’t the exactly the best way to keep people safe from spyware, however they felt it necessary to release the news which showed how things work so the developers in question would be aware if their program is at risk without it becoming publicized.
“The vulnerability affects so many apps that it’s virtually impossible to alert app makers,” said Yair Amit, Skycure’s chief technology officer.
VyprVPN isn’t just known for it’s size, speed, and dedication to customer service; they’ve also got a great set of options available to anyone who wants to stay protected on their phones too! With the VyprVPN app for iOS and Android-ready devices, you can be sure that malicious apps never give out accurate information, and relay all communications through a 256-bit SSL encrypted server that sits between you and everything else. This means a dual layer of protection from pesky apps who can’t get their code straight, and peace of mind for anyone you might share your tablet with in the house. With 710 servers and over 200,000 available IP addresses you’ll never be left waiting in line for the fastest possible option, and can even stay connected while travelling internationally.