All Channels

Uncovering Android Master Key That Makes 99% of Devices Vulnerable

BlueBox: The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user.

The story is too old to be commented.
In2iti0n2951d ago

I think about how manufacturers drag their feet on normal updates and can't imagine what heaven and earth movement would be required to patch this industry wide.

Then again, maybe the attack surface for this is small enough that it's manageable.

Soldierone2950d ago

Being mobile, they will probably only update the phones released in the past month while forcing everyone else to "upgrade" to get the fix.

Until, of course, one of us sues them for being stupid.

In2iti0n2950d ago (Edited 2950d ago )

Exactly. One of the bad sides of fragmented market.

SnakeCQC2950d ago

did you really need capitals twice in a word? Isn't it just Blue box? I wish people submitting articles would just pay attention to correct capitalisation!!!

Draper2950d ago

Was that really necessary? I don't see how important that tiny "capitalisation" detail was for so many exclamation marks and a comment solely about it.

Then again, maybe I'm not such a huge perfectionist.

SnakeCQC2950d ago

I dont really care too much either. The guy reported one of my submissions saying "The site name is Torrent Freak with a capital F. Please pay attention to capitalization. Thanks.". So I found it ironic when I came across this

Draper2950d ago

Oh, makes some sense now. The words, not the exclamation marks.

iliimaster2950d ago

someone needs to tell this guy the war is over...

Nucky2950d ago

I don't know one person who has ever received a virus or malware from the google play store..and I know a lot of android users like myself. I think people need to chill because this is something that will be patched and like .01 percent of people will maybe be affected.

In2iti0n2950d ago

The problem is, they're patching it too slowly, if at all. And the more this vulnerability gets heard about, the more affected users there will be.

SilentNegotiator2950d ago

People downloading random apps willy-nilly, that's who.