A computer security firm over the weekend warned against installing a beta version of Mozilla's Firefox browser for Android devices, due to a potentially dangerous feature.
Sophos said the latest Firefox beta for Android, version 11, wants permissions to send and receive SMS messages - a feature that can be exploited by cybercriminals.
"(W)on't this feature make my phone more vulnerable to malicious attacks? SMS sending permission on Android is mostly associated with malicious apps designed to steal your money by sending premium-rate SMS messages," Sophos' David Pottage said in a blog post.
Pottage said that with the SMS feature in the Firefox browser app, "the bad guys now need only find a way to trick the browser into sending premium-rate SMS messages without your permission or knowledge."
"This might be done by luring you to tap on a link to a website containing JavaScript code to send SMS messages - perhaps via poisoned search-engine results," he said.
Normally, he said Android users can protect themselves by checking the permissions list of any the apps they install, especially any from non-standard sources.
Pottage suggested to Mozilla to remove the ability to send SMS messages from its standard builds of Firefox for Android.
On the other hand, he said Firefox can make available a separate build that includes the feature but advises users clearly of the increased risk.
He also suggested that Google provide Android with a setting where users can insist that their approval is requested before each attempt to send an SMS.
"This approach would boost the confidence users feel when installing applications with a legitimate need to send SMS messages, without the fear of a large bill due to a rogue or buggy application," he said.

Post a Comment Blogger