Pages Menu
Categories Menu

Posted by on Jul 4, 2013 in Security | 0 comments

They find vulnerability that affects all Android the last four years

They find vulnerability that affects all Android the last four years

(CC) MiBSi

A team of researchers from Bluebox Labs claims to have found a in the security model of the operating system that will allow a hacker to “modify the code of an without breaking cryptographic digital signature and application to convert any legitimate application a malicious Trojan.

This can not be detected by the app store, the phone or the user, and its implications are enormous because the vulnerability is located at least since the release of Android 1.6 , which affect all Android phones released in the last four years, ie, about 900 million devices.

While it is still theoretically how to distribute a malware that exploits this vulnerability, and since it is no longer possible to do through Store after a recent update of the platform, however a user could be tricked install APK through third-party app stores, malicious websites or by email

Bluebox team informed Google in February 2013 about this vulnerability, but it is the responsibility of the manufacturers of the phones on maintaining the patches that solve the problem. So far, the Samsung Galaxy S4 is already patched, though curiously, not yet implemented any phone patch Nexus line of Google.

Bluebox reveal all the details of their investigation later this month at the Black Hat security conference in Las Vegas.

Link: Uncovering Android Master Key That makes 99% of devices vulnerable (Bluebox)

Tags: , , , , , , , , , , , ,

Post a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>