News Articles

Thursday, July 4, 2013

Android vulnerability could affect 900 million devices, says Bluebox Security

Mobile security startup Bluebox Security is warning of an Android issue that makes 99% of all Android-based devices vulnerable to attack. The vulnerability would enable a hacker to turn legitimate apps into malicious software without the user realising.

In a blog post, Bluebox CTO Jeff Forristal wrote “The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.”

The company says it notified Google in February and plans to reveal more details about the issue at the Black Hat USA 2013 security conference in a few weeks.

Although applications downloaded from the Google Play app store are protected from this type of manipulation, other apps on third-party sites could be exploited.

[More details: Kaspersky Lab Threatpost]

Print
Author: The Fonecast
0 Comments
Rate this article:
No rating

Categories: Operating systems, Applications, NewsNumber of views: 2190

Tags: securityandroidapplicationsbluebox

Leave a comment

Name:
Email:
Comment:
CAPTCHA image
Enter the code shown above in the box below.
Add comment

Name:
Email:
Subject:
Message:
x

Follow thefonecast.com

Twitter @TheFonecast RSS podcast feed
Find us on Facebook Subscribe free via iTunes

Archive Calendar

«September 2016»
MonTueWedThuFriSatSun
2930311234
567891011
12131415161718
19202122232425
262728293012
3456789

Archive

Terms Of Use | Privacy Statement