Earlier this month one of the most threatening vulnerabilities in the
history of Android set the Android Developer and User communities abuzz
-The Master Key Vulnerability, reported by Mobile security firm Bluebox
Inc.More than 900 million Android devices are believed to be vulnerable
to attacks on account of this right from Android 1.6.
What is Master Key vulnerability
It is basically a flaw in Android security modules which allows the code
of an App (APK file) to be modified without changing its cryptographic
signature.All Android apps have cryptographic signatures which Android
uses to determine the legitimacy of the app.The vulnerability thus may
be exploited by hackers to trick Android to believe that an App is
legitimate even if it has been modified with malicious intentions.
Potential threats
Threats range from data theft, snooping to taking complete control of
your Android device - making calls, SMS, call recording and more.Hackers
may use the device as bots to create potentially threatening networks
called Botnets to execute illegal activities.
Checking and fixing the vulnerability
Bluebox Security Scanner is a free App released by Bluebox to detect the vulnerability and affected Apps.
Google has already issued patches to OEMs (Samsung, Sony, HTC and other
Android device manufacturers) to fix the issue.So, it is most likely
that you may resolve the issue for your device with the latest Software
update that includes OS patches and firmware updates.The update may take
time depending on the hardware configuration of your device, so be
patient to avoid any undesirable consequence.
For those who haven't got the update from their device manufacture, the app - Rekey (requires Root access) can check as well as patch the vulnerability.
As a precautionary measure installation of non-market apps should
be avoided as they are more likely to be laden with malicious code to
exploit such kind of vulnerabilities.
0 comments:
Post a Comment