Monday, August 29, 2016
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Facebook 'Trending' To Rely Less On Humans
Apple Patches iOS Security Flaws Discovered In Spyware Targeting Activist
LG To Showcase Latest OLED TVs Compatible With HDR Technologies At IFA
NHK Join Forces With Panasonic And Sony To Win The 8K TV Race
Intel Introduces New 3D NAND SSDs
Facebook To Use Personal Data From WhatsApp To Bring You Personalized Ads
Amazon Introduces Car Research Portal
Google Uses Artificial Intelligence To Compress Images
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > Mobiles > Uncover...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, July 04, 2013
Uncovered 'Master key' Makes Android Phones Makes Vulnerable


Security research firm BlueBox has discovered a vulnerability that could allow cyber-thieves to turn any legitimate Android application into a Trojan, completely unnoticed by the phone user.

The vulnerability in Android?s security model allows a hacker to turn any legitimate application into a malicious Trojan. The vulnerability has been around at least since the release of Android 1.6 and could affect any Android phone released in the last 4 years - or nearly 900 million devices. According to BlueBox, depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these "zombie" mobile devices to create a botnet.

The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature.

All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn't been tampered with or modified. This vulnerability makes it possible to change an application's code without affecting the cryptographic signature of the application - essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.

While the risk to the individual and the enterprise is great, this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in cooperation with the device manufacturer (e.g. Cisco with AnyConnect VPN) - that are granted special elevated privileges within Android - specifically System UID access.

Google had no comment to make on BlueBox's discovery.


Previous
Next
Samsung Introduces The WB110 Camera with 26x Optical Zoom        All News        Huawei, London college To Cooperate On Big Data Technologies
Sony "my Xperia" Phone Location Service Rolling Globally     Mobiles News      Motorola Starts Promoting New Moto X Smartphone

Get RSS feed Easy Print E-Mail this Message

Related News
Android 7.0 Nougat Released For Nexus Devices And LG V20
Millions Of Android Devices Infected With Chinese Malware
Android N Will Be Called "Nougat"
'GODLESS' Android Mobile Malware Uses Multiple Exploits to Root Devices
Fraunhofer SIT Finds Vulnerabilities in Android Security Apps
Worldwide Smartphone Sales Grew 3.9 Percent in First Quarter, Windows Phone, Blackberry Shares Keep Shrinking
Focusing On Android N
Europe Sends Statement of Objections to Google on Android And Applications
Android N Developer Preview Releases With Slit-screen
Apple Pay And Samsung Pay Launching In China
Android Trojan Steals Passwords Sent Through Voice Calls
Google Patches Nexus Devices

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2016 - All rights reserved -
Privacy policy - Contact Us .