‘Master Key’ Gives Bad Guys Access to Almost Any Android Phone

‘Master Key’ Gives Bad Guys Access to Almost Any Android Phone

Security research firm BlueBox claims to have found a “master key” that could give the bad guys complete access to almost any Android phone.

Android Malware 1

The BBC:

The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

The loophole has been present in every version of the Android operating system released since 2009.

Google refused to comment to the BBC on BlueBox’s reported discovery.

Jeff Forristal, in a post on the BlueBox blog, said the implications of the discovery were “huge.”:

This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years – or nearly 900 million devices – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

The Android OS uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with. The folks at BlueBox have reportedly found a method to trick Android when it checks these signature, so any malicious changes to an app go unnoticed.

Any modified version of the app would have the same access to a device that the legitimate version would have.

Marc Rogers, principal security researcher at mobile security firm Lookout said it had replicated the attack and its ability to compromise Android apps.

Google has been informed of the bug, and is reported to have added checking systems to its Play store to spot and stop apps that have been tampered with using this method.

Android users can breathe a little easier, as there is no evidence, as yet, that the exploit is being used by cyber-thieves.

  1. 881160 31169I will tell your friends to visit this site. .Thanks for the write-up. 670964

  2. relx says:

    253979 120875Glad to be 1 of numerous visitants on this awful web web site : D. 135781

  3. 137214 93852Discovered this on MSN and Im happy I did. Well written write-up. 534640

  4. betflix says:

    830533 126088Following study numerous the websites together with your internet site now, and that i genuinely appreciate your method of blogging. I bookmarked it to my bookmark web site list and are checking back soon. Pls have a look at my web page likewise and let me know should you agree. 868774

  5. 셔츠룸 says:

    167927 212308Precisely what I was looking for, thankyou for putting up. 558219

  6. 624065 238307Constructive criticism is generally looked upon as becoming politically incorrect. 813076

Leave a Reply

Your email address will not be published.