[alert style=”alert-info” title=”The Master Key Exploit Fix Has Been Released”]Google has released a fix for the Master Key exploit. Read more about it here.[/alert]
A new mobile security start up BlueBox Security has found an exploit on android which puts almost 99% of the android devices at the risk of exploitation. According to BlueBox the exploit lets the cracker to insert a trojan inside an APK without actually loosing the cryptographic signature. This will make the Android think that the is the legitimate one and thus end up in allowing the app to be installed and grant full access to the Android System. Thanks to BlueBox as they haven’t made the vulnerability public and informing the major device manufacturers & Google itself.
According to CIO, Google has already modified its play store entry process so that any applications which uses this vulnerability to exploit the device will not be passed the entry process and will not be distributed via Google Play. BlueBox is planning to reveal the details of the flaw at the BlackHat USA conference which will be taking place at the end of this month. BlueBox has already made the information about how the exploit will effect your device available, here is how they say it.
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
Anyway you might not have to worry that much, since this exploit has been made available to Google and has not been released to public. Most of the new exploits found are like these on android, the good part of being open source I must say. This exploit exists on all the versions of android since Android version 1.6, Donut and as of now the only smart phone which is not vulnerable to this attack is Samsung Galaxy S4.
Now don’t go on thinking that Android is the worst possible Operating system just because you hear about malwares on Android every now and then. If you’re person who installs Apps only from Google play store and known developers, you might not be at risk at all. The risk of getting infected with a malware on your android system is very low and if you fall into the category of users who do not trust any applications from places other than the Google Play store, you might not have to worry at all. It is very rare, and I stress VERY RARE, that a person get infected from an app from Google Play store.
Last Updated on