OH SHIT! Android's asshole securiry threat Big Time!

[Sammyboy RSS Feed]

An honorable member of the Coffee Shop Has Just Posted the Following:

http://m.designntrend.com/articles/5...oid-phones.htm


BACK NAV
Jul 04, 2013 10:30 AM EDT
'Master Key' Bug Could Allow Hackers Access To All Android Phones
Timothy Koppe

REUTERS/Beck Diefenbach
Security firm BlueBox has discovered a "master key" that has the potential to allow hackers and cyber thieves' access to virtually all Android phones.
According to the firm, the security bug has the potential to be exploited to allow an attacker to do what whatever they want to a phone, such as stealing data, eavesdropping or using it to send junk messages.
The company has said that the loophole has been present in every version of the Android operating system released since 2009. Despite the discovery of the massive security loophole, Google has yet to comment on BlueBox's discovery.
Writing on the BlueBox blog, Jeff Forristal, said the implications of the 'master key' were "huge".
The 'master key' works because of the way Android handles cryptographic verification of the programs installed on the phone. Android uses those signatures as a way to check that an app or program is legitimate and to ensure it has not been tampered with. Forristal and his colleagues realized that hackers could trick this process, going around the verification and making Android phones recognize apps that are malicious as benign.


Any app or program written to exploit the bug would enjoy the same access to a phone that the legitimate version of that application enjoyed.
"It can essentially take over the normal functioning of the phone and control any function thereof," Forristal wrote. BlueBox reported finding the bug to Google in February.
*
*
Email Tweeter Facebook



Go to Full WebSite
Follow:
© Copyright 2013 Design & Trend.


Click here to view the whole thread at www.sammyboy.com.