By Eduard Kovacs on August 22, 2014
Researchers at Trend Micro have uncovered a security hole that can be exploited to launch phishing attacks against users who make payments from their Android mobile devices.
According to the security firm, the vulnerability affects the in-app payment (IAP) SDKs for Google Wallet and Alibaba's Alipay, China's leading third-party online payment solution.
The flaw identified by researchers is related to what's known as an "intent," the software mechanism in Android that allows users to coordinate the functions of different apps to achieve a certain task.
"Explicit intents are used if the developer wants an action to be performed by a specific component in a specific app. Implicit intents are used when a developer allows the process to be performed by components of other apps," Trend Micro Mobile Threats Analyst Weichao Sun explained in a blog post. "The Android platform uses intent-filters of apps to determine which app can perform the implicit intent. If an app contains the matching intent-filter, it can perform the task requested by the intent."
SecurityWeek/ full article here/ http://www.securityweek.com/vulnerability-found-google-wallet-alipay-payment-sdks
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.