MADRID, 4 (Portaltic / EP)
team Bluebox security company has found a new vulnerability for Android devices that converts legitimate applications Trojans, going completely unnoticed by the app store, phone or the user. This vulnerability affects any Android devices released in the past four years and depending on the type of application, a hacker can exploit the vulnerability of anything from data theft to the creation of a network of ‘bots’ mobile.
malicious attacks Android devices have already become a classic. Applications that insert fake “malware” on the device or attempt to perform phishing attacks’ is the order of the day. However, a new threat, which goes unnoticed in the eyes of users, you will end dramatically with Android terminal.
According ensures security company Bluebox Security in its latest report, a new vulnerability discovered for Android converts any application installed on the terminal legitimately a Trojan. While the risk for users and businesses is large, this risk is compounded when taking into account the applications developed by device manufacturers like HTC, Samsung, Motorola or LG (KSE: 003550.KS – news), or others working in cooperation with the manufacturer of the device, as they are awarded special elevated in Android, specifically UID system access.
The report explains how this new vulnerability. The vulnerability involves differences in how Android applications are cryptographically verified and fixed, allowing APK code modification without breaking the cryptographic signature.
All Android applications contain cryptographic signatures, which uses Android to determine whether the application is legitimate and verify that the application has not been altered or modified. This vulnerability makes it possible to change the application code without affecting the cryptographic signature of the application, essentially allowing an author malicious Android misled to believe that the application does not change even if it has been.
Details of Android‘bug’ safety were unveiled 8219321 responsibly through Security Bluebox close relationship with Google (NasdaqGS: GOOG – News) in February 2013.
“Everything depends on the ability of device manufacturers to produce and release updates of ‘firmware’ for mobile devices and users to install. The availability of these updates varies widely depending on the manufacturer and model that is concerned “, says the security company.
Related links:
– Bluebox Security (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/).
No comments:
Post a Comment