Information Security News
by Robert Lemos
A malicious application could enable the theft of login credentials, sensitive images, and other data from Android smartphones by making use of a newly discovered information-leakage weakness in the operating system, according to a team of researchers from the University of Michigan and the University of California at Riverside.
The attack, known as a user interface (UI) inference attack, makes use of the design of programming frameworks that share memory, allowing one application to gather information about the state of other applications. The information can be gathered without any special Android permissions or by grabbing screen pixels, according to a paper presented at the USENIX Security Conference on Friday.
The technique gives attackers the ability to infer the state of a targeted application, enabling more convincing attacks. If malware knows that the targeted user has just clicked on a "login" button, then it can throw up a dialog box asking for a username and password. If the malware can infer that a user is about to take a picture of a check or sensitive document, it can quickly take a second picture.
Worldwide infosec spending to grow in 2014
Help Net Security
Worldwide spending on information security will reach $71.1 billion in 2014, an increase of 7.9 percent over 2013, with the data loss prevention segment recording the fastest growth at 18.9 percent, according to the latest forecast from Gartner, Inc ...