"To download new plug-ins, the browser sends a request to the command-and-control server and receives a link to file in response. The MITM threat arises because UCWeb committed the security blunder of delivering updates to the browser over an unsecured HTTP connection. SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic) Besides, the browser can suffer from MITM (man-in-the-middle) attacks," the security company notes. "If cybercriminals gain control of the browser's command-and-control server, they can use the built-in update feature to distribute any executable code, including malware. UC Browser has attracted a large user-base in India, with over 500 million downloads from the Play Store and is also available through third-party app stores.ĭr Web researchers note that for now UC Browser represents a "potential threat" but warn that all users could be exposed to malware due to its design. "This violates Google Inc's rules and poses a serious threat because it enables any code, including malicious ones, to be downloaded to Android devices," Dr Web researchers warn. The company has raised an alarm over the mobile browser because it can download additional software libraries without going through Google's official Play Store servers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |