Asian Spectator

The Times Real Estate

.

Serious Android Flaw Identified, i-Sprint found that most of the popular apps in APAC are vulnerable

  • Written by i-Sprint Innovations

YESsafe AppProtect+ protects Android Apps against StrandHogg and other attacks

SINGAPORE - Media OutReach[1] - 3 December 2019 -StrandHogg, a serious Android flaw, has been reported by BBC News and i-Sprint has found that most of the popular Android Apps in APAC are also vulnerable. StrandHogg can be very damaging and costly to Android users.

Serious Android Flaw Identified, i-Sprint found that most of the popular apps in APAC are vulnerable

In recent news reported by BBC News[2], a Norwegian app security company, Promon, has identified a serious Android following an attack on several customer bank accounts and detected a vulnerability in the Android system.  Promon named it as StrandHogg that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted.  Promon scanned top 500 popular mobile apps in the world, and they are vulnerable to StrandHogg. 

StrandHogg is unique because it can be exploited with or without root access to any Android devices, and it affects all versions of Android, including Android 10.  By taking advantage of a weakness in the multitasking system of Android to enact powerful attacks, this allows malicious apps to masquerade as any other app on the device. This exploit is based on an Android control setting called 'taskAffinity' which allows any app - including malicious ones - to assume any identity in the multitasking system they desire freely. 

 

i-Sprint[3] has also done our own investigation by sampling 100 popular Android Apps across APAC and we found that all of them are susceptible to this vulnerability.  The consequences of exploiting this vulnerability by a malware include steal of usernames and passwords, drain bank accounts, track victim's movements and location, steal private SMS messages and photos, access victim's contact list and phone logs, spy through a phone's camera and microphone.

 

i-Sprint product, YESsafe AppProtect+[4], is a Runtime Application Self-Protection (RASP) solution that helps companies to protect their iOS and Android apps by blocking attacks in real-time.  AppProtect+ proactively protects mobile apps against various risks and attacks.  AppProtect+ can prevent passive attacks (like reverse engineering, repackaging and source code modification), and respond by taking necessary measures if real-time attacks are detected during app running. Mobile apps protected by the solution can also run securely even on a highly infected mobile device

 

Albert Ching, CTO of i-Sprint, said "Our latest version has introduced a new feature for the protection of task hijacking as reported in StrandHogg.  Therefore, our existing customers are equipped with the necessary protection tool even before the announcement of the StrandHogg vulnerability.  We will continue to deliver new security features to help our customers to secure and protect their mobile apps against various attacks."

 

Dutch Ng, CEO of i-Sprint said, "As people are spending more time using their mobile devices to browse content, online shopping, transaction, etc., cyberattack cases targeting on smartphone devices are also increasing. Companies need to be more alert and diligent in ensuring their apps will not be the next victim of such vulnerability."

 

i-Sprint is currently providing a free assessment to organizations who want to find out whether their app is susceptible to StrandHogg vulnerability. For interested companies, please visit www.i-sprint.com/solutions/strandhogg[5] to participate in the free assessment.

Be proactive, be safe, secure your company app with YESsafe AppProtect+.

For enquiry, please email i-Sprint at enquiry@i-sprint.com[6].

References

  1. ^ Media OutReach (www.media-outreach.com)
  2. ^ BBC News (www.bbc.com)
  3. ^ i-Sprint (www.i-sprint.com)
  4. ^ YESsafe AppProtect+ (www.i-sprint.com)
  5. ^ www.i-sprint.com/solutions/strandhogg (www.i-sprint.com)
  6. ^ enquiry@i-sprint.com (www.media-outreach.com)

Authors: i-Sprint Innovations

Read more http://www.media-outreach.com/release.php/View/22889#Contact

Magazine

Tidak melulu soal metrik, menggaet ‘influencer’ perlu pendekatan personal, kebebasan, dan kepercayaan

Influencer marketing kini sudah menjadi salah satu instrumen terpenting dalam strategi pengembangan bisnis. Perusahaan-perusahaan di hampir semua sektor mengandalkan kanal media sosial untuk mempromos...

20 tahun pasca-tsunami Aceh, kontribusi perempuan tak diakui, kebijakan daerah masih diskriminatif

Seorang perempuan berdiri di depan Masjid Raya Baiturrahman di Banda Aceh.Bithography/Shutterstock20 tahun sudah Aceh pulih dari tsunami yang menimbulkan duka mendalam bagi Indonesia, khususnya para p...

Riset: Anak pekerja migran yang ditinggalkan hadapi tantangan sosial dan psikologis

Ilustrasi anak-anak di Indonesia.our brain/ShutterstockSetiap tahun, ratusan ribu warga Indonesia pergi ke luar negeri untuk bekerja. Lebih dari lima juta pekerja migran Indonesia (termasuk orang tua ...



NewsServices.com

Content & Technology Connecting Global Audiences

More Information - Less Opinion