Paranoid Android: Antivirus app-makers resolve MitM vulnerability

Attack loophole in Panda app sealed

By John Leyden


An Android anti-malware application from Panda Mobile Security has been updated after researchers discovered that an insecure update mechanism left users vulnerable to man-in-the-middle attacks.

Tom Moreton, a security researcher at Context, found that an insecure update mechanism in the product, which is available via Google Play, could be exploited by an attacker in a position to modify network traffic to inject their own functionality into the application.

Context’s findings were reported to the Spanish security firm, which fixed them in a recent version. A spokesman for Panda Security confirmed this, telling El Reg that "Panda Android apps for consumer and corporate security have all been updated to remove this potential vulnerability".

Panda Mobile Security has clocked up more than a million downloads. Context analysed the security of the product on the back of recent research by the Google Project Zero team, and specifically that of Tavis Ormandy, into the security of desktop anti-malware packages.

Context, at least, is yet to find flaws in other mobile anti-malware products. Its thesis that mobile anti-malware packages are just as riddled with bugs as their desktop counterparts nonetheless seems more than plausible. ®
