Tuesday, March 18, 2014

[thehackernews] Turkish Hacker Crashes Google Play Store Twice while testing vulnerability

Last Weekend Google Play Store was crashed twice by a Turkish hacker when he tried to test vulnerability he discovered on the Android apps publishing system, known as Google's Developer Console.

Turkish hacker 'Ibrahim Balic' claimed responsibility for the Google Play Store attack and told 'The Hacker News', he found a flaw in the Android operating system while working with Android tools i.e. Compiler, debugger on his Emulators, that was crashing again and again.  'I successfully confirmed that it affects Android 4.2.2 , 4.3 and 2.3' he said.

Then he created an Android app to exploit the vulnerability, 'causes a possible memory corruption' and uploaded it to the Google's Developer Console.
play store hack
Unfortunately, OR Luckily the malformed Android app crashed whole Google's Developer Console, and he didn't expect that the app will knock everyone offline from Play Store.

He was not sure about the outage caused by him or not, "I just wanted to be sure about (the) vulnerability," so he uploaded the 'malformed APK file' again second time to the Google Play Store, that results in crash of Google Play Store, not once, but twice.
google play crashed
The first crashed around mid-day on Sunday and the same happened again on Monday when he tried a second time, leaving Android users unable to download new apps and games, and developers unable to update their own apps. However, the outage was so minimal that not many of us even noticed.

This is not the first time he messed up with app stores. Last July, Apple was forced to take its developer site offline after Ibrahim uncovered multiple vulnerabilities in it.

He also apologized for the inconvenience caused to his online fellows. "I didn't have any malicious aim," Ibrahim said to CNN Money. "I am so sorry for this damage."
Ibrahim reported the flaw to the Google Security Team and has yet to hear back from them about the issue. The Play Store is becoming much wider, and Google should focus hard on their security parameters.

No comments:

Post a Comment