{"id":706,"date":"2014-02-03T16:30:28","date_gmt":"2014-02-03T14:30:28","guid":{"rendered":"http:\/\/sseblog.ec-spride.de\/?p=706"},"modified":"2014-02-03T16:30:28","modified_gmt":"2014-02-03T14:30:28","slug":"android-dos","status":"publish","type":"post","link":"https:\/\/blogs.uni-paderborn.de\/sse\/2014\/02\/03\/android-dos\/","title":{"rendered":"Google Confirms Denial-of-&#8220;App&#8221; Attack &#8211; Likely All Android Versions Affected"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_706 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_706')){$('.twoclick_social_bookmarks_post_706').socialSharePrivacy({\"txt_help\":\"Wenn Sie diese Felder durch einen Klick aktivieren, werden Informationen an Facebook, Twitter, Flattr, Xing, t3n, LinkedIn, Pinterest oder Google eventuell ins Ausland \\u00fcbertragen und unter Umst\\u00e4nden auch dort gespeichert. N\\u00e4heres erfahren Sie durch einen Klick auf das <em>i<\\\/em>.\",\"settings_perma\":\"Dauerhaft aktivieren und Daten\\u00fcber-tragung zustimmen:\",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/blogs.uni-paderborn.de\\\/sse\\\/2014\\\/02\\\/03\\\/android-dos\\\/\",\"post_id\":706,\"post_title_referrer_track\":\"Google+Confirms+Denial-of-%26%238220%3BApp%26%238221%3B+Attack+%26%238211%3B+Likely+All+Android+Versions+Affected\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Together with their colleague Stephan Huber from Fraunhofer SIT, Steven Arzt and Siegfried Rasthofer from the SSE group discovered a security issue present in all current versions of Android. As Google now confirmed, the attack vector allows to forbid the future installation of arbitrary Android apps at the choice of the attacker. For instance, it can be used to forbid the installation of the facebook app for basically the entire lifetime of the mobile device until a factory reset has been performed or the issue is fixed\u00a0manually\u00a0which, however, requires root access to the device and some expertise in the Android OS. <em>Update:<\/em> The attack itself requires <em>no\u00a0<\/em>root access.<\/p>\n<p>We tested the attack on Android Version 4.x and 2.3.6. It is likely that this attack affects\u00a0<em>ALL<\/em> Android versions, though. We wish to note, though, that this vulnerability was discovered under lab conditions, and that there is\u00a0currently <em>no indication<\/em> that the vulnerability is exploited in the wild.<\/p>\n<p>We are currently in contact with the Android security team to fix this problem. A detailed explanation of the attack will be published after a fix is available.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Together with their colleague Stephan Huber from Fraunhofer SIT, Steven Arzt and Siegfried Rasthofer from the SSE group discovered a security issue present in all current versions of Android. As Google now confirmed, the attack vector allows to forbid the &hellip; <a href=\"https:\/\/blogs.uni-paderborn.de\/sse\/2014\/02\/03\/android-dos\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":6581,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-706","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/706","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/users\/6581"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/comments?post=706"}],"version-history":[{"count":0,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/posts\/706\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/media?parent=706"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/categories?post=706"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.uni-paderborn.de\/sse\/wp-json\/wp\/v2\/tags?post=706"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}