This isn’t good news. If you own an smartphone or tablet and it runs Google Android, there may be a security issue that makes it horrifically insecure. Here’s what Bluebox Security had to say:
The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years – or nearly 900 million devices– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.
You’ll want to read their report as the implication are just frighting. The only good news is that according to CIO, Samsung has fixed the issue. But only if you own a Galaxy S4. But it’s unclear who else has fixed this and what the timelines are for anyone who makes an Android device to fix this. Oh, the CIO article also states that Google hasn’t officially commented. That doesn’t inspire the warm and fuzzies.
Like this:
Like Loading...
Related
This entry was posted on July 4, 2013 at 2:36 pm and is filed under Commentary with tags Android, Google, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
ALL Android Devices May Have Massive Security Hole
This isn’t good news. If you own an smartphone or tablet and it runs Google Android, there may be a security issue that makes it horrifically insecure. Here’s what Bluebox Security had to say:
The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years – or nearly 900 million devices– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.
You’ll want to read their report as the implication are just frighting. The only good news is that according to CIO, Samsung has fixed the issue. But only if you own a Galaxy S4. But it’s unclear who else has fixed this and what the timelines are for anyone who makes an Android device to fix this. Oh, the CIO article also states that Google hasn’t officially commented. That doesn’t inspire the warm and fuzzies.
Share this:
Like this:
Related
This entry was posted on July 4, 2013 at 2:36 pm and is filed under Commentary with tags Android, Google, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.