Click to Skip Ad
Closing in...

Google sends out patch for largest Android security hole yet

Published Jul 9th, 2013 8:30AM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

We hear a lot about security issues on Android but the vulnerability discovered by Bluebox Security recently is something truly special. Essentially, the vulnerability theoretically allows hackers to change mobile applications’ codes without breaking the cryptographic signature that’s needed to verify an app’s legitimacy. In other words, the vulnerability could give hackers free rein to transform any app into malware. To make matters worse, Bluebox says that this problem has existed since at least Android 1.6, which means that the vast majority of Android devices are vulnerable to malware-producing hackers. But fear not! ZDNet reports that Google is sort of on the case and that it’s sent out a security patch to its OEM partners that will close the security hole once it’s installed.

Given the large number of Android vendors out there, it’s difficult to say when different devices will actually have the patch available. A Google spokesperson tells ZDNet that Samsung “is already shipping the fix to the Android devices,” although it’s not clear when smaller vendors will push out the fix to their devices. The spokesperson also says that the company has seen no evidence that hackers have exploited this weakness on the Google Play store.

Brad Reed
Brad Reed Staff Writer

Brad Reed has written about technology for over eight years at BGR.com and Network World. Prior to that, he wrote freelance stories for political publications such as AlterNet and the American Prospect. He has a Master's Degree in Business and Economics Journalism from Boston University.