The sheer number of advertising trackers the app referred to is impressive. In our analysis, dfndr security used more advertising trackers than any other free antivirus solution. So trackers send information about browsing and search history back to advertisers, who use it to target and serve mobile ads. But in order to target them, advertisers need information about users’ personal habits and preferences. Mobile advertising is a huge business, and vendors can earn a lot of money displaying targeted ads. We used information from the Exodus mobile privacy database to look for dangerous permissions and advertising trackers. Every Android antivirus app should be able to detect and stop the attempt. It was built for exactly this sort of testing. The Metasploit payload we used attempts to open a reverse shell on the device without obfuscation. We found the following mobile antivirus apps couldn’t detect a dangerous test virus:
We can confirm all vulnerabilities were fixed. In this case, all three vendors worked with us in June and July to patch the flaws in their app before we published this report. VIPRE Mobile, AEGISLAB, and BullGuard all had flaws that could put user privacy and security at risk. XSS - Users of the AEGISLAB web dashboard were at risk of attackers inserting malicious code because of a vulnerable script XSS - Users of the BullGuard website were at risk of attackers inserting malicious code because of a vulnerable script IDOR - All users were vulnerable to an attacker remotely disabling their antivirus protection
IDOR - All users were vulnerable to an attacker sending fake antivirus alerts IDOR - Premium users with address book sync enabled were at risk of having their contacts stolen We found misconfigured web services affecting three separate antivirus vendors: Note: Privacy Lab Antivirus & Mobile Security has since been removed from the Play Store Security In total, 47% of the vendors we tested failed in some way. We found serious security flaws in three of the apps we tested, and found eight apps that couldn’t detect a test virus. Ĭomodo Free Antivirus, VPN and Mobile SecurityĪntivirus Mobile - Cleaner, Phone Virus Scannerĭfndr security: antivirus, anti-hacking & cleaner Malwarebytes Security: Virus Cleaner, Anti-MalwareĪPUS Security - Clean Virus, Antivirus, BoosterĬom.
0 kommentar(er)
