Android suffers phone call vulnerability

Source: Internet
Author: User
Keywords Pay phone high-risk vulnerability Jinshan mobile phone drug tyrants
Tags android android malware android phone android program applications apply apply for calls

CM Security found a high-risk vulnerability in Android: Android exploits the vulnerability without having to make phone calls, making any phone calls, including dialing special numbers to execute system commands such as emptying mobile data. CM Security has been updated urgently to prevent Android malware from exploiting the phone permissions vulnerability.

"If a normal Android program needs to make a call, you have to apply for system privileges before installation and users can use the Jinshan Mobile Virus to manage whether applications on the phone can use system privileges." CM Security security experts explained, "Now, due to a Phone Permission Vulnerability Malicious programs can bypass system constraints for malicious purposes. "

Figure 1 Jinshan mobile drug tyrants management Android application system permissions

CM Security Lab Check found that Android Phone Permissions Vulnerability affects most users of Android 4.1, 4.2 and 4.4.2, accounting for 59% of the global Android mobile phone. The actual verification found that the following mainstream Android phones have phone permissions loopholes.

Device version

Galaxy Note 14.4.2

Galaxy Note 24.1.1

Nexus 44.4.2

Nexus 54.4

SAMSUNG GT-I826D4.1.2

SONY c21054.1.2

Harm of Phone Permission Vulnerability

Attackers use Android phone vulnerabilities to bypass the system rights management, you can directly dial the information desk, international calls and other long-distance calls, causing economic losses to users. Malicious programs are also free to interrupt the normal program to make phone calls, causing interference with the use of mobile phones. The most serious is that malicious programs can dial a special number through the phone dial-up to start the phone's built-in management functions, such as instantly restore the phone to the factory state, clear all the phone data.

CM Security Labs has urgently upgraded Clean Master and CM Security to intercept Android malware exploited by phone-privileged vulnerabilities. Users are advised to try to download applications through the relatively reliable Android software market, and do not easily download through informal channels such as chatting tools and forums.

Figure 2 Jinshan mobile phone virus tyrants to intercept phone use permissions Android vulnerability

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.