BEIJING, July 10, 2013 /PRNewswire/ -- Qihoo 360 (NYSE: QIHU), a leading Internet security company in China, today published an updated version of its mobile security app that protects users from mobile threats caused by a serious system vulnerability recently discovered in the Android operating system. Researchers believe that this vulnerability, which is believed to be prevalent in devices using Android 1.6 and later, could place nearly 99% of Android-based devices at risk.
After an in-depth analysis of the principal attack schema of the vulnerability, Qihoo 360's security experts found that malware developers can insert malicious code into a legitimate Android Application Package ("APK") without breaking its digital signature. This enables the application to bypass Android's built-in signature verification mechanisms to launch a variety of malicious functions.
Through this process, hackers can trick users to install repackaged APKs with malicious updates and therefore control the infected phones and collect users' contact lists, SMS and call logs, login information and other private data. This vulnerability could give hackers full control over an infected device, allowing them to use dialing/texting functions and activate the camera without the user's knowledge or permission.
Starting on July 9, Beijing time, Qihoo 360's security experts noticed that the exploitation code of this vulnerability has been spread over several technical forums. While Google has already taken measures to protect applications in the Google Play store and provided a patch to handset manufacturers, many handsets and third party app stores have not yet implemented the security update and are not yet protected.Recognizing the potential damaging impact for our users, Qihoo 360 has prepared and released an updated version of 360 Mobile Security to better protect its users with proactive alerts and necessary warnings. In addition, Qihoo 360 strongly recommends users to download or run apps only from trusted sources, such as Google Play and 360 Mobile Assistance.