Advertisement

Android Security Hole Could Affect 99% of Devices

by Sean P. Aune | July 4, 2013

Angry Evil Android

A newly uncovered security flaw in Android could leave as many as 99 percent of the devices currently in circulation vulnerable.

According to a newly released report from Bluebox Security, there is a security flaw that has existed in Android since version 1.6, Donut. The security flaw allows app developers to modify the code of legitimate APK files without breaking the cryptographic signature, meaning that the files could still be loaded as coming from a trusted source. The malicious parties would need to trick someone into installing the software, but they could potentially masquerade as an update from the manufacturer, the most trusted of all software in the eyes of the majority of users. Luckily they wouldn’t be able to push these out over the air (OTA), so that delivery method should still be considered to be safe.

Bluebox CTO Jeff Forristal says that it notified Google as early as this past Feb. of the security hole, but in an interview with CIO he said that only one third-party phone has thus far patched the issue, that being the Samsung Galaxy S4.

At this time it is unknown when any other security patches will roll out to fix the other Android devices in circulation, so the best bet is to make sure that you only download software from the most trusted sources such as the Google Play store or updates that arrive via OTA from your phone’s manufacturer.

Bluebox Security CIO Engadget

Advertisement


Sean P. Aune

Sean P. Aune has been a professional technology blogger since July 2007, but his love of tech dates back to at least 1976 when his parents bought...Sean P. Aune has been a professional technology blogger since July 2007, but his love of tech dates back to at least 1976 when his parents bought...


Advertisement

Advertisement