Huge security vulnerability may affect nearly every Android device on the planet

Android Security Vulnerability

Security researchers claim to have recently discovered a vulnerability in Android that could potentially affect 99% of devices. Bluebox Security revealed that the exploit, which has reportedly existed for the past four years since Android 1.6, allows a hacker to modify an application’s code without breaking its cryptographic signature. I could then theoretically turn any legitimate application into a malicious one.

The firm notes that these malicious applications would be “unnoticed by the app store, the phone, or the end user,” adding that a hacker could exploit the vulnerability to do just about anything to a device. The difficult part, however, is finding a way to trick users into installing the malicious app update.

Bluebox CTO Jeff Forristal confirmed to CIO that Samsung has already issued a fix for the Galaxy S4, which is the only smartphone now immune to the vulnerability. Google was notified about the exploit in February and is said to be working on a fix for its Nexus devices.

Source:
Bluebox, CIO
blog comments powered by Disqus