Pinterest Stumbleupon Whatsapp

A mobile security company called Bluebox is claiming to have discovered a vulnerability in Android devices that could leave a staggering 99 percent of them open to an attack. Any device that has hit the market within the last four years could be susceptible to said attack, so only older devices are exempt.

The method involves modifying an app’s code without affecting its cryptographic signature. This allows the malicious app to insert code without drawing any attention. Thus, the attack would go unnoticed. From there, the exploit could be used to steal a user’s data or create dangerous botnets.

The specifics of the exploit was left under wraps, presumably so malicious individuals will not be able to figure it out as easily. Some details were given, mainly that this exploit would allow the app to use a sort of “master key” to get around the app’s cryptographic signatures, which is what verifies its authenticity.

Before you become too terrified, the vulnerability has reportedly been around since the release of Android 1.6 in 2009, and it has not cause widespread problems yet. Google has known about the issue since February, but the responsibility rests with the device manufactures to release updates that will fix the bug. So far only Samsung has issued the patch to the Galaxy S IV, but we expect other devices to follow its lead soon.

While scary, the important thing to remember is that this bug is not going to magically jump into your phone. The user does have to install a malicious app. Simply being careful about which kinds of apps you put on your phone or tablet will help keep your device protected from this, and most other exploits.


Source: Techspot

  1. monikhan
    July 21, 2013 at 8:05 pm

    I know many information from here..........

  2. Umair M
    July 9, 2013 at 6:04 am

    That's a very serious flaw. I always though android was the safest OS.

  3. comeon
    July 8, 2013 at 3:16 pm

    Seriously? This is only if you're downloading and "sideloading" apps from non-legitmate sources in the first place.
    Desperate sensationalism of the story title! All this does is generate unwarranted fear for the everyday/normal user....and then garners the "Good bye Android, hello Windows Phone" responses. Ridiculous.
    If you're downloading hacked or pirated apps in the first place- you deserve what you get.

  4. Craig Herberg
    July 8, 2013 at 2:53 am

    What's frightening to me is the fact that a popular, and perfectly legitimate, app could be changed into a malicious one without the OS noticing. Hopefully, our antivirus software will help prevent this exploit.

    • Emlyn
      July 8, 2013 at 9:39 am

      no, the app would be malware when you install it, just it would look legit. Im sure that once Google have the details they can validate the apps that are on play, the only risk by the sounds of it is sideloading apps. its not like popular developers are going to start putting this into their apps so unless you pirate apps there's nothing to worry about

  5. Mitchell Nankervis
    July 7, 2013 at 10:59 pm

    Good bye Android, hello Windows Phone.

    • Kristian A
      July 8, 2013 at 6:51 am

      And you can say goodbye to bluetooth and millions of applications for Android.

      • Tom
        July 8, 2013 at 9:57 am

        What are you talking about? I had a windows phone and the blue tooth was fine. Sure there are less apps, but I was able to get everything I needed. and finally get off the crack there are not millions of apps for androids. There are less than 800K and that's counting fart and wall paper apps

        • Kristian A
          July 8, 2013 at 10:51 am

          I talking about that you can't send files through bluetooth. My friend have Nokia lumia 800 and when we want to send picture through bluetooth he can't.

Leave a Reply

Your email address will not be published. Required fields are marked *