Exploit (& Fix) Android "Master Key"

Earlier this year, Bluebox Security announced that they had found a bug in Android that could be used to modify the contents of any application package (including ones distributed as part of the system software) without affecting the attached cryptographic signatures; details to be disclosed at Black Hat USA 2013.

http://www.saurik.com/id/17
Android Master Key
However, enough detail was disclosed in the abstract of the talk that others were able to find this bug. Later, a patch was applied to the popular open-source Android ROM CyanogenMod, making the issue both public and obvious: there are now proof-of-concepts for how this bug might be used in concrete form.

Tags: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)