Bluebox reveals Android security hole, may affect 99 percent of devices data = {blogUrl: "www.engadget.com",v: 400};when = {jquery: lab.scriptBs("jquery"),plugins: lab.scriptBs("plugins"),eng: lab.scriptBs("eng")}; var s265prop9 = ('20648952' !== '') ? 'bsd:20648952' : ''; var postID = '20648952'; var modalMNo = '93312529', modalVideoMNo = '93320648', modalGalleryMNo = '93304207'; when.eng("eng.omni.init", {pfxID:"weg",pageName:document.title,server:"acp-ld39.websys.aol.com",channel:"us.engadget", s_account: "aolwbengadget,aolsvc", short_url: "",pageType:"",linkInternalFilters:"javascript:,",prop1:"article",prop2:"software",prop9:s265prop9,prop12:document.location,prop17:"",prop18:"",prop19:"",prop20:"", prop22:"zachary-lutz", prop54:"blogsmith",mmxgo: true }); adSendTerms('1')adSetMOAT('1');adSetAdURL('/_uac/adpagem.html');lab._script("http://o.aolcdn.com/os/ads/adhesion/js/adhads-min.js").wait(function(){var floatingAd = new AdhesiveAd("348-14-15-13f",{hideOnSwipe:true});}); onBreak({980: function () { adSetType("F");htmlAdWH("93312529", "LB", "LB"); adSetType("");}}); EngadgetMenu NewsReviews Features Galleries VideosEventsPodcasts Engadget ShowTopics Buyers Guides Sagas Store Hands On More Betterer HD Mobile Alt Announcements Cameras Cellphones Desktops Displays Gaming GPS Handhelds Home Entertainment Household Internet Laptops Meta Misc Networking Peripherals Podcasts Robots Portable Audio/Video Science Software Storage Tablets Transportation Wearables Wireless Acer Amazon AMD Apple ASUS AT&T Blackberry Canon Dell Facebook Google HP HTC Intel Lenovo LG Microsoft Nikon Nintendo Nokia NVIDIA Samsung Sony Sprint T-Mobile Verizon About UsSubscribeLike Engadget@engadgettip uswhen.eng("eng.nav.init")when.eng("eng.tips.init") onBreak({980: function () {htmlAdWH("93312530", "215", "35",'AJAX','ajaxsponsor');}});Bluebox reveals Android security hole, may affect 99 percent of devices MobileBy
Zachary LutzpostedJul 4th, 2013 at 12:08 AM 0
Researchers at Bluebox Security have revealed a disturbing flaw in Android's security model, which the group claims may affect up to 99 percent of Android devices in existence. According to Bluebox, this vulnerability has existed since Android 1.6 (Donut), which gives malicious app developers the ability to modify the code of a legitimate APK, all without breaking its cryptographic signature -- thereby allowing the installation to go unnoticed. To pull off the exploit, a rotten app developer would first need to trick an unknowing user into installing the malicious update, but hackers could theoretically gain full control of a user's phone if the "update" posed as a system file from the manufacturer.
Bluebox claims that it notified Google of the exploit in February. According to CIO, Bluebox CTO Jeff Forristal has named the Galaxy S 4 as the only device that's currently immune to the exploit -- which suggests that a security patch may already exist. Forristal further claims that Google is working on an update for its Nexus devices. In response to our inquiry, Google told us that it currently has no comment. We certainly hope that device manufacturers do the responsible thing and distribute timely security patches to resolve this issue. Absent that, you can protect yourself by installing updates through the Play Store and Android's built-in system update utility.
when.eng("eng.perm.init")
0 comments:
Post a Comment