Latest in Android

Image credit:

First real world 'master key' exploit discovered sneaking malware into Android apps

Share
Tweet
Share

Sponsored Links

Two apps have been discovered on unofficial marketplaces in China that might just be the first in-the-wild exploits of the massive bug found by Bluebox two weeks ago. The so-called "master key" vulnerability, or a least an extremely close relative of it, was the point of entry for malware in these two apps, which now carry code that allows an attacker to remotely hijack a device, harvest sensitive data and even disable a number of mobile security suites. The concern here, is that this particular security hole allowed these alterations to be made without invalidating the apps' digital signatures. So, the malware was able to sneak through filters, hidden as a Trojan Horse inside pieces of legitimate software. Google has already patched the vulnerability, preventing compromised apps from slipping in to the official Play store. Additional updates addressing the flaw have been issued to carriers and manufacturers, but we all know it could be quite sometime before everyone applies the patches to their products.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

iPhone 12 and 12 Pro review: Apple enters the 5G era

iPhone 12 and 12 Pro review: Apple enters the 5G era

View
LG's rollable OLED TV goes on sale for $87,000

LG's rollable OLED TV goes on sale for $87,000

View
DJI's Pocket 2 handheld promises higher quality and mods

DJI's Pocket 2 handheld promises higher quality and mods

View
Google adds Nest Secure to its list of discontinued projects

Google adds Nest Secure to its list of discontinued projects

View
LG's latest 55-inch CX OLED smart TV is $500 off at Amazon

LG's latest 55-inch CX OLED smart TV is $500 off at Amazon

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr