Jump to content

Wikipedia:Reference desk/Archives/Computing/2015 July 22

From Wikipedia, the free encyclopedia
Computing desk
< July 21 << Jun | July | Aug >> July 23 >
Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


July 22

[edit]

android vulnerabilities

[edit]

I was surfing the web on my phone. All entirely respectable sites that I've read for a long time. But one site (or a banner ad on it) redirected me to somewhere, and that "somewhere" showed a message box with unlegible (binary) text in it, and then a page opened where it said, in broken German, that my phone was infected and that I needed to install some app from google play (needless to say, I didn't)
Should I be concerned? The random text in the first message box in particular, looked like it could be an attempt to stage a stack overflow attack or trip the browser in some other way (why else call alert() with a binary string.)
Is there something else I can do apart form changing the passwords? Should I change the passwords of the sites Chrome knows the password to because I logged in on them at some time in the past and had Chrome remember the password, too? Thank you for all your helpAsmrulz (talk) 20:50, 22 July 2015 (UTC)[reply]

You are probably fine. It sounds like the banner was using javascript to generate a popup, which looks scary (I've never heard of any overflow attacks that involve transmitting binary over http), followed by a script that directs you to the store. If your phones browser intercepts a link that begins with market:\\ it will open up the google play market to the address specified. (See here). As long as you didn't install any applications you are almost certainly safe. I'd say you don't even need to change your passwords, but there's no harm if you want to be cautious. 81.138.15.171 (talk) 16:28, 23 July 2015 (UTC)[reply]
All of that binary text designed to make you think you had been hacked was probably just generated by the web site itself. You might want to report this to Google Play, as they can pull that app off their list, for such behavior. They probably won't do it based on your word alone, but if enough people report it they will. StuRat (talk) 16:21, 24 July 2015 (UTC)[reply]