Android Phones Vulnerable to Hackers
Android is the most popular mobile operating system in the world, installed on three quarter of a billion devices. Having a master key to all of those would give a hacker near-total control in the mobile world. Fortunately, this doomsday scenario has been narrowly avoided.Think your Android Phone has been hacked? We can help you out!
Bluebox Labs, a computer security company, recently discovered http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/ a vulnerability in the Android operating system that leaves “99%” of Android users open to the possibility of malicious software. But the most shocking thing about this discovery is not only the breadth of the vulnerability, but its depth as well.
The “Master Key” vulnerability, if used by a hacker, would allow them to access all of a user’s data on their phone. This includes text messages, account access, and photos. It is unknown at this time the full extent of this vulnerability’s use.
This vulnerability makes it possible for a hacker to change the code of an app without modifying its cryptographic signature. What this means in practical terms is that a hacker could develop an app and deliver it to the Google Play store and have it downloaded by people wanting to use its functionality. Those who download the app would confirm the app’s access to the file system. Then without anyone’s knowledge, the hacker could then change the code of the app to act as a trojan horse, gathering data and personal information from the user’s phone. This process would be invisible to the user, aside from a slight slow-down.
“We have not seen…any exploitation”
Now the good news is that the vulnerability has already been patched by Google. They’ve shipped it to providers like MetroPCS and Verizon, who will deploy the update to their users’ phones in the next few weeks.
More good news: According to a statement http://www.zdnet.com/google-releases-fix-to-oems-for-blue-security-android-security-hole-7000017782/ sent by Gina Scigliano, Google’s Android Communications Manager, “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools.” So in the meantime while you’re waiting for your phone to update, don’t download any sketchy apps. If you’re worried that you may have been infected already, you can install https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner to check for infection.