A newly discovered flaw in Google’s Android mobile operating system could allow hackers to launch phishing attacks in order to steal banking credentials.
Researchers at security firm Trustwave have revealed that the flaw allows hackers to create a fake log-in page which can be used to steal user names and passwords when users visit a banking website.
According to the company, the flaw resides in Android’s ability to let one application push itself to the front of the active processes instead of raising an alert in the notification bar. The company also said that the flaw could be exploited to serve pop-up ads.
The company demonstrated the flaw at the ongoing DefCon security conference, using it to steal Google, Facebook and Amazon passwords.
Search engine giant Google, on the other hand, claimed that the issue detailed by the researchers was not a flaw but a part of Android’s famed multi-tasking abilities, which allow application interaction.
“Switching between applications is a desired capability used by many applications to encourage rich interaction between applications. We haven't seen any apps maliciously using this technique on Android Market and we will remove any apps that do,” a Google spokesperson told CNET.