Click to Skip Ad
Closing in...

Symantec spots first two apps that exploit biggest-ever Android security hole

Published Jul 24th, 2013 4:15PM EDT
Symantec Android Master Key Malware

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Less than a month after researchers at Bluebox Security uncovered the biggest Android security hole to date, Symantec has spotted two malicious apps that are taking advantage of this major crack in Android’s foundation. Essentially, the vulnerability found by Bluebox theoretically allows hackers to change mobile applications’ codes without breaking the cryptographic signature that’s needed to verify an app’s legitimacy. In other words, the vulnerability could give hackers free rein to transform any app into malware. To make matters worse, Bluebox says that this problem has existed since at least Android 1.6, which means that the vast majority of Android devices are vulnerable to malware-producing hackers.

Symantec says so far that’s it’s found two mobile apps in China whose code has been rewritten by hackers to let them “remotely control devices, steal sensitive data such as IMEI and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands.” Google has issued an official patch for this major Android security vulnerability but since it’s being distributed through OEMs there’s no timetable for when many devices will be able to download it.

Brad Reed
Brad Reed Staff Writer

Brad Reed has written about technology for over eight years at BGR.com and Network World. Prior to that, he wrote freelance stories for political publications such as AlterNet and the American Prospect. He has a Master's Degree in Business and Economics Journalism from Boston University.