Android 'Master Key' Security Flaw Affects 900M Google Devices

Friday, 05 Jul 2013 09:06 AM

By Clyde Hughes

Tech experts warned Android users of a security flaw this week: Hackers could modify Android code into a "master key" that could turn 99 percent of devices dormant and leave them vulnerable to data theft.

Jeff Forristal, of Bluebox Security, wrote on his corporate blog that the security flaw could affect any Android device purchased in the last few years.

"The implications are huge," Forristal said on his blog. "This vulnerability, around at least since the release of Android 1.6 . . . could affect any Android phone released in the last 4 years – or nearly 900 million devices – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."

The vulnerability stems from discrepancies in how Android apps are cryptographically verified, which would allow an attacker to modify application packages without breaking their cryptographic signatures, IDG News Service reported.

"This is important for the Android security model because it ensures that sensitive data stored by one application in its sandbox can only be accessed by new versions of that application that are signed with the original author's key," Lucian Constantin of IDG reported. "The vulnerability identified by the Bluebox researchers effectively allows attackers to add malicious code to already signed APKs without breaking their signatures."

There is some good news, however. Forristal confirmed that one third-party device, the Samsung Galaxy S4, already has the fix, which indicates that some device manufacturers have already started releasing patches. Google has not released patches for its Nexus devices yet, but the company is working on it, he said.

Bluebox Security suggests that Android users exercise caution when downloading an app. Enterprises with BYOD implementations should use this news to prompt all users to update their devices and emphasize the importance of keeping apps up to date all the time.

On the corporate side, information technology specialists should move beyond device management and focus on deep device integrity checking to secure corporate data.


© 2014 Newsmax. All rights reserved.
