Security bug spotted in most Android devices

It seems that most Android phones could theoretically be open to hackers. But right now, there's not a lot being done about it.

That's according to information from Bluebox Security, which believes that the 'Android master key' on 99 per cent of devices (around 900 million) creates a way in for those with evil intent. It seems the flaw is down to the way Android app updates are verified, with developers able to modify the code of an app update without breaking the 'cryptographic signature'. So it might look like a reasonable app to download, but could be packing a whole lot of nasties.

'Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile bonnet,' claims Bluebox.

This isn't a recent thing - and that is perhaps the one saving grace. It seems like the vulnerability has been around since Android 1.6, with Bluebox saying that the Samsung Galaxy S4 is the only device not prone to the problem. It obviously has code acting against it.

Google is aware and has notified manufacturers of hardware about it, with a solution in the pipeline for Nexus handsets. But for the rest, that's down to manufacturers to patch it up. Hopefully they're hearing about it loud and clear and working on patching for handsets old and new.

Source: TechRadar

Written by Mobile Choice
Mobile Choice

Leave a Comment