(Press-News.org) Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to researchers at the University of California, Davis.
Zhendong Su, professor of computer science, said that his team has notified the app developers of the problems, although it has not yet had a response.
The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide. Android is quite different from Apple's iOS platform, but there may well be similar problems with iPhone apps, Xu said.
The victim would first have to download a piece of malicious code onto their phone. This could be disguised as or hidden in a useful app, or attached to a "phishing" e-mail or Web link. The malicious code would then invade the vulnerable programs.
The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.
"It's a developer error," Xu said. "This code was intended to be private but they left it public."
Su and Xu, with UC Davis graduate student Fangqi Sun and visiting scholar Linfeng Liu, Xi'an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.
Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including "private" messages.
WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user's phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.
Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.
The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.
### END
Security holes in smartphone apps
2013-04-17
ELSE PRESS RELEASES FROM THIS DATE:
How smart are your clothes?
2013-04-17
This press release is available in French.
Montreal, April 16, 2013 – From corsets to caftans, we have seen dramatic changes in popular style over the past 100 years. New research from Concordia University now brings the future of fashion into focus by taking a closer look at the next quantum leap in textile design: computerized fabrics that change their colour and their shape in response to movement.
Joanna Berzowska, professor and chair of the Department of Design and Computation Arts at Concordia, has developed interactive electronic fabrics that harness power ...
This month in ecology: Oysters, big rivers, biofuels
2013-04-17
Ecological dimensions of biofuels: state of the science
Are biofuels a renewable, environmentally friendly energy source? The Ecological Society of America reviews bioethanol and biodiesel in conventional production as well as feedstocks still in development. Biofuels in commercial scale production are made from the sugars and oils of food crops, and share the ecological impacts of high intensity agriculture. Corn, the primary biofuel source in the United States, demands a lot of fuel to produce fuel. It needs nitrogen fertilizer, fixed using energy-intensive industrial ...
Cell-permeable peptide shows promise for controlling cardiovascular disease
2013-04-17
Philadelphia, PA, April 16, 2013 – Atherosclerosis – sometimes called "hardening of the arteries" – is a leading cause of death and morbidity in Western countries. A cell-permeable peptide containing the NF-ĸB nuclear localization sequence (NLS) shows promise as a potential agent in controlling the development of atherosclerotic disease. This study is published in the May 2013 issue of The American Journal of Pathology.
Atherosclerosis is a chronic inflammatory disease of the arterial and vascular wall. The objective of many therapeutic compounds is to modulate atherogenesis ...
Osteoporosis costs EU countries €37 billion every year
2013-04-17
A new report prepared in collaboration with the International Osteoporosis Foundation (IOF) and the European Federation of Pharmaceutical Industry Associations, is the first to describe in detail the epidemiology, burden, and treatment of osteoporosis in all 27 member states of the European Union (EU27).
Published today in Rome in conjunction with the opening of Europe's largest osteoporosis congress, the report 'Osteoporosis in the European Union: Medical Management, Epidemiology and Economic Burden' shows that as Europe's population ages, fractures due to osteoporosis ...
New scorecard shows inequalities in osteoporosis care in the Europe Union
2013-04-17
Today a panel of international experts working in cooperation with the International Osteoporosis Foundation (IOF) have published SCOPE – or Scorecard for Osteoporosis in Europe.
Focusing on key aspects of service provision and uptake, the Scorecard compares how the 27 different countries within the European Union (EU) care for people with osteoporosis to reduce their risk of bone fractures. Fractures, which mostly affect older adults, can result in pain, long-term disability and even premature death.
The Scorecard presents, measures and compares data in a way that ...
ALMA pinpoints early galaxies at record speed
2013-04-17
The most fertile bursts of star birth in the early Universe took place in distant galaxies containing lots of cosmic dust. These galaxies are of key importance to our understanding of galaxy formation and evolution over the history of the Universe, but the dust obscures them and makes them difficult to identify with visible-light telescopes. To pick them out, astronomers must use telescopes that observe light at longer wavelengths, around one millimetre, such as ALMA.
"Astronomers have waited for data like this for over a decade. ALMA is so powerful that it has revolutionised ...
Recipe for large numbers of stem cells requires only one ingredient, says NIH/Pitt team
2013-04-17
Stem cells and tissue-specific cells can be grown in abundance from mature mammalian cells simply by blocking a certain membrane protein, according to scientists at the University of Pittsburgh School of Medicine and the National Institutes of Health (NIH). Their experiments, reported today in Scientific Reports, also show that the process doesn't require other kinds of cells or agents to artificially support cell growth and doesn't activate cancer genes.
Scientists hope that lab-grown stem cells and induced pluripotent stem (iPS) cells, which have the ability to produce ...
University of Southern California scientists reveal natural process that blocks viruses
2013-04-17
The human body has the ability to ward off viruses by activating a naturally occurring protein at the cellular level, setting off a chain reaction that disrupts the levels of cholesterol required in cell membranes to enable viruses to enter cells. The findings, discovered by researchers in molecular microbiology and immunology at the Keck School of Medicine of USC, hold promise for the development of therapies to fight a variety of viral infections.
"Previous studies have shown that our bodies are already equipped to block viruses such as Ebola, influenza, West Nile, ...
CU-Boulder study looks at microbial differences between parents, kids and dogs
2013-04-17
As much as dog owners love their children, they tend to share more of themselves, at least in terms of bacteria, with their canine cohorts rather than their kids.
That is just one finding of a new study led by the University of Colorado Boulder that looked at the types and transfer modes of microbes from the guts, tongues, foreheads and palms (or paws) of members of 60 American families, including canines. Identifying how such bacterial communities can be affected by environmental exposure may help scientists better understand how they can be manipulated to prevent or ...
Virus-like particles provide vital clues about brain tumors
2013-04-17
"Current wisdom says that cells are closed entities that communicate through the secretion of soluble signalling molecules. Recent findings indicate that cells can exchange more complex information – whole packages of genetic material and signalling proteins. This is an entirely new conception of how cells communicate", says Dr Mattias Belting, Professor of Oncology at Lund University and senior consultant in oncology at Skåne University Hospital, Lund, Sweden.
Exosomes are small vesicles of only 30 nm. They are produced inside cells and act as "transport vehicles" of ...