News Articles

Thursday, July 4, 2013

Android vulnerability could affect 900 million devices, says Bluebox Security

Mobile security startup Bluebox Security is warning of an Android issue that makes 99% of all Android-based devices vulnerable to attack. The vulnerability would enable a hacker to turn legitimate apps into malicious software without the user realising.

In a blog post, Bluebox CTO Jeff Forristal wrote “The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.”

The company says it notified Google in February and plans to reveal more details about the issue at the Black Hat USA 2013 security conference in a few weeks.

Although applications downloaded from the Google Play app store are protected from this type of manipulation, other apps on third-party sites could be exploited.

[More details: Kaspersky Lab Threatpost]

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Leave a comment

Name:
Email:
Comment:
Add comment

Name:
Email:
Subject:
Message:
x

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«November 2017»
MonTueWedThuFriSatSun
303112345
6789101112
13141516171819
20212223242526
27282930123
45678910

Archive

Terms Of Use | Privacy Statement