• No events
AEC v1.0.4

Cyber Security Info

Vulnerable for Android

May 23, 2014

Share Button

Paolo Soto from Include Security has published an article about the vulnerabilities of Microsoft’s mail client for Android. Firstly, the e-mail attachments are stored in a folder on a SD card making them readable for any app with permission to access the removable storage which includes majority of apps storing any data. Fortunately, apps in Android 4.4 and above have access only to their own or public folders. Nevertheless, vast majority of Android users have previous vulnerable Android versions installed. Secondly, the app allows the user to protect it by a PIN code. User may believe that the code is intended to encrypt and protect all e-mails, but it only blocks access to the e-mail database through the app. The database of cached e-mails however may be accessed directly in case USB DEbugging option is on.

Share Button