Android 'Master Key' Security Flaw Affects 900M Google Devices

Friday, 05 Jul 2013 09:06 AM

By Clyde Hughes

Share:
  Comment  |
   Contact Us  |
  Print  
|  A   A  
  Copy Shortlink
Tech experts warned Android users of a security flaw this week: Hackers could modify an Android code into a "master key" that could turn 99 percent of the devices dormant and make them vulnerable to data theft.

Jeff Forristal, of Bluebox Security, wrote on his corporate blog that the security flaw could affect any Android device that has been purchased in the last few years. 

Editor's Note: Do You Support Obamacare? Vote in Urgent National Poll

"The implications are huge," Forristal said on his blog. "This vulnerability, around at least since the release of Android 1.6 . . . could affect any Android phone released in the last 4 years – or nearly 900 million devices– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."

The vulnerability stems from discrepancies on how Android apps are cryptographically verified, which would allow an attacker to modify application packages without breaking their cryptographic signatures, IDG News Service reported.

"This is important for the Android security model because it ensures that sensitive data stored by one application in its sandbox can only be accessed by new versions of that application that are signed with the original author's key," Lucian Constantin of IDG reported. "The vulnerability identified by the Bluebox researchers effectively allows attackers to add malicious code to already signed APKs without breaking their signatures."

There is some good news, however. Forristal confirmed that one third party device, the Samsung Galaxy S4, already has the fix, which indicates that some device manufacturers have already started releasing patches. Google has not released patches for its Nexus devices yet, but the company is working on it, he said.

Bluebox Security suggests that Android users exercise caution when downloading an app. Enterprises with BYOD implementations should use this news to prompt all users to update their devices and emphasize the importance of keeping apps up to date all the time.

On the corporate side, information technology specialists should move beyond device management and focus on deep device integrity checking to secure corporate data.

Editor's Note: Get the Navy SEALs Cap – Celebrate Our Heroes

Related stories:

Facebook, Samsung Partnership? Execs Mull Social Network-Friendly Phone


Apple Import Ban on Old iPhones Stokes Samsung Patent War


© 2014 Newsmax. All rights reserved.

Share:
  Comment  |
   Contact Us  |
  Print  
  Copy Shortlink
Send me more news as it happens.
 
 
Get me on The Wire
Send me more news as it happens.
Around the Web
Join the Newsmax Community
Please review Community Guidelines before posting a comment.
>> Register to share your comments with the community.
>> Login if you are already a member.
blog comments powered by Disqus
 
Email:
Country
Zip Code:
Privacy: We never share your email.
 
Hot Topics
Follow Newsmax
Like us
on Facebook
Follow us
on Twitter
Add us
on Google Plus
You May Also Like

Black Seadevil Anglerfish With 'Headlight' Captured on Video

Monday, 24 Nov 2014 12:43 PM

A black seadevil anglerfish, the rarely seen deep-water creature with its own "headlight," was captured on video about 2 . . .

Rudy Giuliani's Black-on-Black Crime Views Spark Firestorm

Monday, 24 Nov 2014 12:13 PM

Rudy Giuliani said on "Meet the Press" this weekend that he wishes the media would pay more attention to the far more ra . . .

JaVale McGee Scores With Fan While Chasing Ball (Video)

Monday, 24 Nov 2014 11:27 AM

JaVale McGee of the Denver Nuggets didn't get the loose ball he was chasing down against the New Orleans Pelicans, but h . . .

Top Stories

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

 
NEWSMAX.COM
America's News Page
©  Newsmax Media, Inc.
All Rights Reserved