News Articles

Thursday, July 4, 2013

Android vulnerability could affect 900 million devices, says Bluebox Security

Mobile security startup Bluebox Security is warning of an Android issue that makes 99% of all Android-based devices vulnerable to attack. The vulnerability would enable a hacker to turn legitimate apps into malicious software without the user realising.

In a blog post, Bluebox CTO Jeff Forristal wrote “The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.”

The company says it notified Google in February and plans to reveal more details about the issue at the Black Hat USA 2013 security conference in a few weeks.

Although applications downloaded from the Google Play app store are protected from this type of manipulation, other apps on third-party sites could be exploited.

[More details: Kaspersky Lab Threatpost]

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Leave a comment

This form collects your name, email, IP address and content so that we can keep track of the comments placed on the website. For more info check our Privacy Policy and Terms Of Use where you will get more info on where, how and why we store your data.
Add comment

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«November 2024»
MonTueWedThuFriSatSun
28293031123
45678910
11121314151617
18192021222324
2526272829301
2345678

Archive

Terms Of Use | Privacy Statement