GovLoop - Knowledge Network for Government

For you Smart Phone Users....
BE AWARE!

from bluebox's blog
Uncovering Android Master Key That Makes 99% of Devices Vulnerable

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut”), could affect any Android phone released in the last 4 years – or nearly 900 million devices – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

....

So you don't believe that the sky is falling yesterday....

Additional Commentary from Security Blogger Peter Biddle

...
But perhaps no. This Android bug could prove to be extraordinarily bad.
...
I am not saying this automagically makes Android phones infinitely vulnerable to horrible deeds. It doesn’t. As of July 4th 2013 there are no known exploits in the wild that make use of this attack.


Tags: android, malware, smartphone, tech, vulnerability


Comment by Henry Brown on July 13, 2013 at 9:47pm

more followup information....

which IF you update/patch your smartphone you should be good to go:

From Phys.org

Google fixes APK nightmare-waiting-to-happen, sends patch to partners
...
All this can be viewed as much ado about something or might pan out to be much noise about nothing, because Google addressed the problem in a number of ways. Google updated Google Play to provide checks that can block malicious attempts, so that any Android device user, by sticking to the Google Play area if intending to install any app or update, would not be at risk. Also, according to reports, the latest version of Android has a built-in app-scanning system to check on apps coming from sources other than Google Play and a phone could block malicious code.

Google, meanwhile, has issued a patch to its hardware partners in the Open Handset Alliance. Manufacturers and carriers need to push it out to end users. Users who are unsure about their device models could check with the manufacturer or mobile carrier. Google's Gina Scigliano, Android Communications Manager, said a patch was provided to partners and that some OEMs such as Samsung were shipping the fix to the Android devices.


Read more at: http://phys.org/news/2013-07-google-apk-nightmare-waiting-to-happen...


...
