'Master key' to Android phones uncovered

Becky · Jul 4, 2013

This is a little worrying!!

A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.

The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

The loophole has been present in every version of the Android operating system released since 2009.

Google said it currently had no comment to make on BlueBox's discovery.

'Master key' to Android phones uncovered

:eek:

muckshifter · Jul 4, 2013

The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves.

One other hurdle is that in order to catch out Android users, malicious hackers would have to get their booby-trapped version of a legitimate application on to the Google Play store.

floppybootstomp · Jul 4, 2013

Genuine loophole or publicity ruse for this 'Bluebox'?

V_R · Jul 4, 2013

Remember this...?

http://crave.cnet.co.uk/software/sky-android-apps-and-twitter-feed-hacked-apps-pulled-50011323/

The main issue seems to be if a well known trusted developer is compromised and an infected version silently injected in place of the download of their legit app. Like what happened to Sky... :/

V_R · Jul 24, 2013

Hackers use Android 'master key' exploit in China

A security firm says it has identified the first known malicious use of Android's "master key" vulnerability.

The bug - which was first publicised earlier this month - allows attackers to install code on to phones running Google's mobile operating system and then take control of them.

Symantec said its researchers had found two apps distributed in China that had been infected using the exploit.

Google has already taken moves to tackle the problem.

A fortnight ago it released a patch to manufacturers, but it will not have been sent to all handset owners yet.

Google also scans its own Play marketplace for the exploit, but this will not protect consumers who download software from other stores.

http://www.bbc.co.uk/news/technology-23431281

muckshifter · Jul 24, 2013

Google also scans its own Play marketplace for the exploit, but this will not protect consumers who download software from other stores.

No disrespect the China, but I bet many people don't use the Google Store, are they allowed even?

:user:

'Master key' to Android phones uncovered

Becky

Webmistress

muckshifter

I'm not weird, I'm a limited edition.

floppybootstomp

sugar 'n spikes

V_R

¯\_(ツ)_/¯

V_R

¯\_(ツ)_/¯

muckshifter

I'm not weird, I'm a limited edition.