Security researchers claim to have recently discovered a vulnerability in Android that could potentially affect 99% of devices. Bluebox Security revealed that the exploit, which has reportedly existed for the past four years since Android 1.6, allows a hacker to modify an application’s code without breaking its cryptographic signature. A hacker could then theoretically turn any legitimate application into a malicious one.
The firm notes that these malicious applications would be “unnoticed by the app store, the phone, or the end user,” adding that a hacker could exploit the vulnerability to do just about anything to a device. The difficult part, however, is finding a way to trick users into installing the malicious app update.
Bluebox CTO Jeff Forristal confirmed to CIO that Samsung has already issued a fix for the Galaxy S4, which is the only smartphone now immune to the vulnerability. Google was notified about the exploit in February and is said to be working on a fix for its Nexus devices.