Tags: android | master key | security | flaw

Android 'Master Key' Security Flaw Affects 900M Google Devices

Friday, 05 Jul 2013 09:06 AM

By Clyde Hughes

Tech experts warned Android users of a security flaw this week: Hackers could modify Android code into a "master key" that could turn 99 percent of the devices dormant and make them vulnerable to data theft.

Jeff Forristal, of Bluebox Security, wrote on his corporate blog that the security flaw could affect any Android device that has been purchased in the last few years. 


"The implications are huge," Forristal said on his blog. "This vulnerability, around at least since the release of Android 1.6 . . . could affect any Android phone released in the last 4 years – or nearly 900 million devices – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."

The vulnerability stems from discrepancies in how Android apps are cryptographically verified, which would allow an attacker to modify application packages without breaking their cryptographic signatures, IDG News Service reported.

"This is important for the Android security model because it ensures that sensitive data stored by one application in its sandbox can only be accessed by new versions of that application that are signed with the original author's key," Lucian Constantin of IDG reported. "The vulnerability identified by the Bluebox researchers effectively allows attackers to add malicious code to already signed APKs without breaking their signatures."

There is some good news, however. Forristal confirmed that one third-party device, the Samsung Galaxy S4, already has the fix, which indicates that some device manufacturers have already started releasing patches. Google has not released patches for its Nexus devices yet, but the company is working on it, he said.

Bluebox Security suggests that Android users exercise caution when downloading an app. Enterprises with BYOD implementations should use this news to prompt all users to update their devices and emphasize the importance of keeping apps up to date all the time.

On the corporate side, information technology specialists should move beyond device management and focus on deep device integrity checking to secure corporate data.


© 2015 Newsmax. All rights reserved.
