'Master key' to Android phones uncovered
You are Unregistered, please register to use all of the features of FirearmsTalk.com!    


Firearm & Gun Forum - FireArmsTalk.com > General Discussion Forums > The Club House >

'Master key' to Android phones uncovered


Reply
 
LinkBack Thread Tools Display Modes
Old 07-10-2013, 07:17 AM   #1
Coffee! If your not shaking, you need another cup
FTF_SUPPORTER.png
Feedback Score: 0 reviews
 
Bigcountry02's Avatar
 
Join Date: Jan 2009
Location: Southwest
Posts: 6,783
Liked 2106 Times on 1240 Posts
Likes Given: 4539

Default 'Master key' to Android phones uncovered

FYI for Android phones users.

http://www.bbc.co.uk/news/technology-23179522

Quote:
A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.

The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

The loophole has been present in every version of the Android operating system released since 2009.

Google said it currently had no comment to make on BlueBox's discovery.

Writing on the BlueBox blog, Jeff Forristal, said the implications of the discovery were "huge".

The bug emerges because of the way Android handles cryptographic verification of the programs installed on the phone.

Android uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with. Mr Forristal and his colleagues have found a method of tricking the way Android checks these signatures so malicious changes to apps go unnoticed.

Any app or program written to exploit the bug would enjoy the same access to a phone that the legitimate version of that application enjoyed.

"It can essentially take over the normal functioning of the phone and control any function thereof," wrote Mr Forristal. BlueBox reported finding the bug to Google in February. Mr Forristal is planning to reveal more information about the problem at the Black Hat hacker conference being held in August this year.

Marc Rogers, principal security researcher at mobile security firm Lookout said it had replicated the attack and its ability to compromise Android apps.

Mr Rogers added that Google had been informed about the bug by Mr Forristal and had added checking systems to its Play store to spot and stop apps that had been tampered with in this way.

The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves.
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

Uncovering Android Master Key That Makes 99% of Devices Vulnerable

Quote:
The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years1 – or nearly 900 million devices2– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.


Bigcountry02 is offline  
2
People Like This 
Reply With Quote

Join FirearmsTalk.com Today - It's Free!

Are you a firearms enthusiast? Then we hope you will join the community. You will gain access to post, create threads, private message, upload images, join groups and more.

Firearms Talk is owned and operated by fellow firearms enthusiasts. We strive to offer a non-commercial community to learn and share information.

Join FirearmsTalk.com Today! - Click Here


Reply

Thread Tools
Display Modes


Similar Threads
Thread Thread Starter Firearms Forum Replies Last Post
app crashing on android rurak The Club House 8 04-11-2013 10:16 PM
anyone else on a new android phone? mountainman13 The Club House 41 06-29-2012 11:00 PM
WW1 trench uncovered in France hairbear1 The Club House 8 02-13-2012 09:09 AM
Video Shows How HTC Android Phones Leak Private Info ‘Left and Right Bigcountry02 The Club House 2 10-03-2011 10:29 PM
N.Y. Elementary School 'Fight Club' Uncovered by Student's Father opaww Politics, Religion and Controversy 2 02-04-2010 03:26 PM



Newest Threads