Get PJ Media on your Apple

VodkaPundit

Major Android Security Flaw

July 7th, 2013 - 6:37 am

I mean, major:

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years1 – or nearly 900 million devices2– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

That’s bad, right?

Comments are closed.

All Comments   (2)
All Comments   (2)
Sort: Newest Oldest Top Rated
this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in cooperation with the device manufacturer (e.g. Cisco with AnyConnect VPN) – that are granted special elevated privileges within Android – specifically System UID access.

So, a device running stock Android, as opposed to something modified by a manufacturer or carrier, is safer.
40 weeks ago
40 weeks ago Link To Comment
Not if it's a Motorola Android phone. Motorola has a version of Android that "Phones home" a LOT of information, and not all of it is secure.
40 weeks ago
40 weeks ago Link To Comment
View All