They find vulnerability that affects all Android the last four years
A team of researchers from Bluebox Labs claims to have found a Vulnerability in the security model of the Android operating system that will allow a hacker to “modify the code of an apk without breaking cryptographic digital signature and application to convert any legitimate application a malicious Trojan. “
This Trojan can not be detected by the app store, the phone or the user, and its implications are enormous because the vulnerability is located at least since the release of Android 1.6 Donut , which affect all Android phones released in the last four years, ie, about 900 million devices.
While it is still theoretically how to distribute a malware that exploits this vulnerability, and since it is no longer possible to do through Google Play Store after a recent update of the platform, however a user could be tricked install APK through third-party app stores, malicious websites or by email
Bluebox team informed Google in February 2013 about this vulnerability, but it is the responsibility of the manufacturers of the phones on maintaining the patches that solve the problem. So far, the Samsung Galaxy S4 is already patched, though curiously, not yet implemented any phone patch Nexus line of Google.
Bluebox reveal all the details of their investigation later this month at the Black Hat security conference in Las Vegas.Android, Android Google Play, apk, Donut, Google Android, Google Play, Google Play Store, Trojan, Troyano, Vulnerabilidad, vulnerabilidades, vulnerabilities, Vulnerability