After further analyzing the alleged Android spam botnet, experts from mobile security firm Lookout believe that they found the missing piece of the puzzle.
They state that the Yahoo! Mail application for Android does not encrypt communications by default, allowing an attacker to hijack sessions and use them to send spam.
According to the researchers, since Yahoo! Mail for Android uses HTTP instead of HTTPS, data packets sent by the app via an open connection, such as public Wi-Fi, can be easily intercepted.
So how does this type of session hijacking work?
First, the attacker sniffs out Yahoo! Mail traffic on insecure Wi-Fi networks. When the victim joins the network and attempts to check his/her email, the attacker intercepts the session.
“The attacker intercepts a particular cookie and can use it to impersonate that user, over whatever networks are available to them, including by tethering to a mobile network. This allows the attacker to send spam emails that appear 100% legitimate, as those indicated in the original reported story,” experts write.
To avoid falling victims to such attacks, Yahoo! Mail for Android customers should ensure that SSL is enabled from the app’s “General Settings” menu.
Furthermore, internauts should be cautious when connecting to public Wi-Fi networks, the use of browser plugins that secure traffic, such as HTTPS Everywhere, being highly recommended.
In their previous post, Lookout researchers revealed that Yahoo was investigating the matter. It’s uncertain at this time if they plan on doing anything about this issue, but if this plausible scenario turns out to be true, they might enable HTTPS by default in future versions.
Via: Android Botnet Might Involve Yahoo! Mail Session Hijacking, Experts Say
Tidak ada komentar:
Posting Komentar