Showing posts with label Android master key. Show all posts

Exploit (& Fix) Android "Master Key"

Earlier this year, Bluebox Security announced that they had found a bug in Android that could be used to modify the contents of any application package (including ones distributed as part of the system software) without affecting the attached cryptographic signatures; details to be disclosed at Black Hat USA 2013.

http://www.saurik.com/id/17
Android Master Key
However, enough detail was disclosed in the abstract of the talk that others were able to find this bug. Later, a patch was applied to the popular open-source Android ROM CyanogenMod, making the issue both public and obvious: there are now proof-of-concepts for how this bug might be used in concrete form.

Scan your device for the Android “MASTER KEY” vulnerability

Bluebox have released a free app to help consumers and enterprises manage the risk around the “Master Key” vulnerability. The Bluebox Security Scanner app, produced by their research team, allows you to check directly whether your Android device has been patched for this vulnerability, without the hassle of having to contact the device manufacturer or mobile carrier. It will also scan devices to see if there are any malicious apps installed that take advantage of this vulnerability. Once the bug was discovered, Bluebox Security set out to create a tool to help individuals evaluate their risk, and that app is now available for free at both Google Play and Amazon AppStore for Android.

http://bluebox.com/?p=721
The Bluebox Security Scanner

Major app vulnerability that could affect 99% of Android devices unearthed

http://thenextweb.com/google/2013/07/04/major-app-vulnerability-unearthed-could-affect-99-of-android-devices/
Major app vulnerability
A vulnerability that could affect 99 percent of the world’s Android-powered phones and tablets has been unearthed within the Google-owned platform. Since more than 900 million Android devices have been activated, we’re filing this in the ‘major vulnerability’ folder.

Bluebox Security says it found ‘the Android master key’ which could allow a hacker to turn virtually any Android app into a malicious “zombie”. In other words, malware could allow hackers to remotely capture data and control functions on a device — such as calls and messages — all without raising the attention of the phone owner, Google or the app developer.