Wednesday, November 13, 2013

Security flaws in Android 4.4

Google has recently released version 4.4 of the popular Android OS, also called KitKat. Among the improvements, some have noticed several security-related changes. ESET has analysed the new security features of Android 4.4 (KitKat).

“There is definitely some improvement with this new version, especially with regard to security. One of the biggest upgrades within Android 4.4 is that it will warn a user if a Certificate Authority (CA) is added to the device, making it easier to identify Man-in-the-Middle attacks inside a user’s network,” explains Stefan Tanase, security expert at ESET. “Google Certificate Pinning makes it harder for complicated attackers to intercept network traffic to and from Google services, by ensuring only whitelisted SSL certificates can connect to certain Google domains.”

Furthermore, Android 4.4 is reinforced by another barrier against exploits that gain root access. SELinux now runs in enforcing mode instead of permissive mode. It makes buffer overflow exploits harder to implement.

From the point of view of malware threats, these enhancements do not really make a big difference. The most common Android infection source remains the same: unofficial apps downloaded from third-party stores. Thus the most important change from Android 2.3 is the lowered resource usage. Users can look forward to Android 4.4 running on devices with just 512MB of RAM, which, for high-end hardware, means faster operation and much better battery life.

One of the biggest problems in the Android ecosystem is the number of different versions of the OS, including ancient ones that are still running on users’ mobile devices. Tanase states that more than 25% of users are still running Android 2.3*, which represents a big security issue. According to ESET experts, power users have always wanted to use the latest versions of Android on their devices – that’s why phone rooting has become so popular.

For more information about the security features of the newly released Android 4.4, please visit Securelist.com.
