DoNews1月9日消息 (记者 费倩文)1月9日,腾讯安全玄武实验室正式对外披露Android APP里普遍存在的“应用克隆”这一移动攻击威胁模型。受此威胁模型影响,支付宝、携程、饿了么等近十分之一的主流APP都有信息、账户被盗的风险。据了解,“应用克隆”漏洞仅对安卓系统有效,iOS系统不受影响。腾讯安全玄武实验室负责人于旸表示,该攻击模型是基于移动应用的一些基本设计特点导致的,所以几乎所有移动应用都适用该攻击模型。在这个攻击模型的视角下,很多以前认为威胁不大、厂商不重视的安全问题,都可以轻松“克隆”用户账户,窃取隐私信息,盗取账号及资金等。基于该攻击模型,腾讯安全玄武实验室以某个常被厂商忽...
DoNews1 9, January 9th (reporter Fei Qianwen), in January 9th, Tencent security Xuanwu laboratory officially disclosed the mobile cloning threat threat model widely applied in APP. This threat model, the risk of Alipay, Ctrip, APP and other mainstream hungry nearly 1/10 have information, account stolen. It is understood that the "application clone" vulnerability is only effective for the Android system, and the iOS system is not affected. Tencent security laboratory director Yang Xuanwu said the attack model is the result of some of the basic design features of mobile based applications, so almost all mobile applications for the attack model. From the perspective of this attack model, many security problems, which were previously considered less threatening and ignored by manufacturers, can easily clone user accounts, steal privacy information, steal accounts and funds. Based on the attack model, the Tencent security basalt laboratory is ignored by a certain manufacturer.
