Latest in Android

Image credit:

Bluebox reveals Android security hole, may affect 99 percent of devices

Zachary Lutz
07.04.13
Share
Tweet
Share

Sponsored Links

Researchers at Bluebox Security have revealed a disturbing flaw in Android's security model, which the group claims may affect up to 99 percent of Android devices in existence. According to Bluebox, this vulnerability has existed since Android 1.6 (Donut), which gives malicious app developers the ability to modify the code of a legitimate APK, all without breaking its cryptographic signature -- thereby allowing the installation to go unnoticed. To pull off the exploit, a rotten app developer would first need to trick an unknowing user into installing the malicious update, but hackers could theoretically gain full control of a user's phone if the "update" posed as a system file from the manufacturer.

Bluebox claims that it notified Google of the exploit in February. According to CIO, Bluebox CTO Jeff Forristal has named the Galaxy S 4 as the only device that's currently immune to the exploit -- which suggests that a security patch may already exist. Forristal further claims that Google is working on an update for its Nexus devices. In response to our inquiry, Google told us that it currently has no comment. We certainly hope that device manufacturers do the responsible thing and distribute timely security patches to resolve this issue. Absent that, you can protect yourself by installing updates through the Play Store and Android's built-in system update utility.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Google's new emulator makes Android Automotive development easier

Google's new emulator makes Android Automotive development easier

View
Watch the final 'Star Wars: The Rise of Skywalker' trailer

Watch the final 'Star Wars: The Rise of Skywalker' trailer

View
What's on TV this week: 'The Outer Worlds'

What's on TV this week: 'The Outer Worlds'

View
Adobe may reveal Illustrator for iPad in November

Adobe may reveal Illustrator for iPad in November

View
NVIDIA's EGX supercomputer tech can crunch 1.6 terabytes a second

NVIDIA's EGX supercomputer tech can crunch 1.6 terabytes a second

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr