January 9, Tencent Security basaltic Laboratory announced that recently found a new type of mobile attack threat model, and named it as' application cloning '. Conference, Xuanwu Laboratory to Alipay APP as an example shows the' application Clone 'Attack' Effect: On a mobile phone upgraded to the latest Android 8.1.0, 'Attacker' sends a SMS to the user containing a malicious link. Once clicked, the user's Alipay account is instantly cloned to ' Attacker 'phone, and then' attacker 'on your cell phone can view the user account information, and can be consumed.
It is worth mentioning that there is a "clone application" is not a APP Alipay, basaltic Lab director Yu 旸 pointed out that a large number of mainstream APP have the loopholes, basaltic laboratory testing of the domestic Android system 200 well-known APP, Of which 27 exist in the loophole, accounting for more than 13%, including the United States and gifted products, Gome, ink weather, a little information, Ctrip, Baidu takeaway, Jingdong at home, what is hungry, WiFi, millet life, , Baidu travel, watercress, donkey mother, market network, easy car, plump, tiger flutter and so on.
In this regard, industry insiders pointed out that these well-known APP's technical team strength are strong, and in addition, a larger number of non-APP, the proportion of loopholes should be high not low, if you do not take urgent measures in the field of network The proportion of 'black swans' is even much higher than the capital market.
Due to the fact that it was not a case in point, Xuanwu Lab reported the vulnerabilities of the above 27 APPs to CNVD on December 7, 2017. CNVD immediately arranged relevant technicians to verify the loopholes (CNE201736682). On December 10, CNVD sent a peer-to-peer vulnerability notification to 27 APPs involved in the vulnerability, provided details on the vulnerability and set up a fix.
Li Jia, Deputy Director of Network Security Division of National Internet Emergency Response Center, said: 'Today, I would like to thank on behalf of CNNET and CNVD for the work done by Xuanwu Laboratory which has been submitted to our CNVD platform for years More than 190 common software vulnerabilities.This basaltic laboratory found a new virus attack on the Android system, it can be said that the impact of a particularly large area, the damage is huge, just through the relevant demonstration also saw. As soon as possible, the relevant loopholes were reported to our platform, which can be said to have provided precious time for our emergency response to relevant incidents. '
Although CNVD did peer-to-peer notifications of 27 APPs on December 10, a few months after the launch, there were a number of APPs that did not fix the loopholes or did not respond. "Not long after the notification , CNVD received feedback from most APPs such as Alipay, Baidu Takeout, Gome and others that they are already fixing the loopholes, "said Li Jia." Due to the gap in the technical capabilities of various teams, some APPs have now fixed vulnerabilities. There are APP has not been repaired as of January 8, have not received feedback APP including Jingdong at home, hungry, the United States and UF products, watercress, easy car, railway Friends of the train ticket, tiger flutter, micro-shop 10 Here, I also hope that the 10 enterprises that do not have timely feedback will effectively strengthen their network security operation capabilities and implement the main responsibility requirements of network security laws and regulations. '
As an example of APP, the reporter learned from Alipay relevant person in charge, Alipay has been a month ago to upgrade the APP to fix this Android loopholes, Alipay user account security will not be affected.
However, it is puzzling is that this time was named 10 APP, APP in an interview with reporters said they did not get from CNVD notification of the vulnerability also said that if notified, will certainly be Positive feedback and repair.
What needs to be mentioned is that one of the important reasons why ransomware was able to spread to the world within a short period of time is that warning messages are not communicated in time.
Limited by the energy, the Xuanwu Laboratory just selected the more well-known 200 APP was tested, and 13% of the existence of 'Application Clone' loopholes.It is easy to see, there are a lot of loopholes APP in 'streaking', use These APP users 'mobile phones may be attacked at any time.' There are many APPs that have problems but they themselves do not know that no one has the energy to check all APPs in China more, This is the significance of our disclosure this time, "Yu said.