11 popular apps let hackers steal your password, break into your account
Sci & Tech
By
Mirror
| Dec 05, 2020
From Samsung to Huawei, Android smartphones are some of the most popular handheld devices around the world.
But if you use an Android smartphone, a new report may encourage you to rethink which apps you have installed.
Researchers from Check Point have warned that several popular apps let hackers copy your password and break into your account.
The apps were found to contain a vulnerability known as CVE-2020-8913 that lets attackers inject malicious code into apps, granting access your phone data - including passwords, messages and photos.
READ MORE
Why Mbadi wants IEBC to reduce Sh64b election budget
How Kenyans lost Sh10bn through shadowy investments
Kenyan startups outshine Africa with three major innovation wins
Why every Kenyan must protect their personal data
Konza inks deal with Moroccan firm to deliver AI certification
AG's office in the spot for hindering KenGen's cheaper power plan
Pesalink, PAPSS deal cuts currency barriers for Kenya cross-border payments
Manyanja Mall: Quickmart, Goodlife and Rubis among anchor tenants of Sh400 million mall
Econetix inaugural CORSIA deal channels carbon finance to Africa
Industry leaders push to accelerate social governance in brokerage
Thankfully, Google has now fixed the issue, although Check Point estimates that hundreds of millions of users have been affected.
Aviran Hazum, Check Point’s Manager of Mobile Research said: “We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries.
“The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application.
“For example, the vulnerability could allow a threat actor to steal two-factor authentications codes or inject code into banking applications to grab credentials.
“Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor’s imagination.”
Based on the findings, the researchers advise that customers install a mobile threat defence solution on their smartphone.
The apps affected include several popular apps:
Viber
Booking
Cisco Teams
Yang Pro
Moovit
Grindr
OKCupid
Bumble
Edge
Xrecorder
PowerDirector