Click to Skip Ad
Closing in...

Huge security vulnerability may affect nearly every Android device on the planet

Published Jul 4th, 2013 11:35AM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Security researchers claim to have recently discovered a vulnerability in Android that could potentially affect 99% of devices. Bluebox Security revealed that the exploit, which has reportedly existed for the past four years since Android 1.6, allows a hacker to modify an application’s code without breaking its cryptographic signature. I could then theoretically turn any legitimate application into a malicious one.

The firm notes that these malicious applications would be “unnoticed by the app store, the phone, or the end user,” adding that a hacker could exploit the vulnerability to do just about anything to a device. The difficult part, however, is finding a way to trick users into installing the malicious app update.

Bluebox CTO Jeff Forristal confirmed to CIO that Samsung has already issued a fix for the Galaxy S4, which is the only smartphone now immune to the vulnerability. Google was notified about the exploit in February and is said to be working on a fix for its Nexus devices.

Dan joins the BGR team as the Android Editor, covering all things relating to Google’s premiere operating system. His work has appeared on Fox News, Fox Business and Yahoo News, among other publications. When he isn’t testing the latest devices or apps, he can be found enjoying the sights and sounds of New York City.