blueboxsecurity

Latest

  • Check if your Android phone is patched against the 'Master Key' exploit with this app

    by Ben Gilbert
    07.10.2013

    After discovering a longstanding exploit in Android firmware dating back to version 1.6 that allowed malicious developers to circumvent software security measures, Bluebox Security released an Android app this week for users to check whether their phone is still vulnerable to the exploit. Since Bluebox's report last week, Google has acknowledged the issue and released a patch that it says is in the hands of OEMs and already being pushed out by certain manufacturers (Samsung, for one). The app is thankfully free, and should provide some much-needed reassurance to most Android users. Head to the source link below to snag it for yourself.

  • Google plugs Android APK security hole, says partners have patched code

    by Stefan Constantinescu
    07.09.2013

    Bluebox Security unearthed a potentially devastating Android security issue last week that would allow hackers to turn legit APKs into malware. Less than a week later, Google's Android Communications Manager, Gina Scigliano, told ZDNet that the bug has officially been squashed and that partners have received the right patches -- Samsung is already shipping devices that are inoculated against the exploit. Play by the rules by installing apps from the Google Play Store and you never have to worry, but if you want to be on the safe side, give Lookout Security a spin.

  • Bluebox reveals Android security hole, may affect 99 percent of devices

    by Zachary Lutz
    07.04.2013

    Researchers at Bluebox Security have revealed a disturbing flaw in Android's security model, which the group claims may affect up to 99 percent of Android devices in existence. According to Bluebox, this vulnerability has existed since Android 1.6 (Donut) and gives malicious app developers the ability to modify the code of a legitimate APK, all without breaking its cryptographic signature -- thereby allowing the installation to go unnoticed. To pull off the exploit, a rotten app developer would first need to trick an unknowing user into installing the malicious update, but hackers could theoretically gain full control of a user's phone if the "update" posed as a system file from the manufacturer. Bluebox claims that it notified Google of the exploit in February. According to CIO, Bluebox CTO Jeff Forristal has named the Galaxy S 4 as the only device that's currently immune to the exploit -- which suggests that a security patch may already exist. Forristal further claims that Google is working on an update for its Nexus devices. In response to our inquiry, Google told us that it currently has no comment. We certainly hope that device manufacturers do the responsible thing and distribute timely security patches to resolve this issue. Absent that, you can protect yourself by installing updates through the Play Store and Android's built-in system update utility.