Di Posting Oleh : Crew Blog
Kategori : Android APPS Security
Earlier this month one of the most threatening vulnerabilities in the history of Android set the Android Developer and User communities abuzz -The Master Key Vulnerability, reported by Mobile security firm Bluebox Inc.More than 900 million Android devices are believed to be vulnerable to attacks on account of this right from Android 1.6.
What is Master Key vulnerability
It is basically a flaw in Android security modules which allows the code of an App (APK file) to be modified without changing its cryptographic signature.All Android apps have cryptographic signatures which Android uses to determine the legitimacy of the app.The vulnerability thus may be exploited by hackers to trick Android to believe that an App is legitimate even if it has been modified with malicious intentions.
Potential threats
Threats range from data theft, snooping to taking complete control of your Android device - making calls, SMS, call recording and more.Hackers may use the device as bots to create potentially threatening networks called Botnets to execute illegal activities.
Checking and fixing the vulnerability
Bluebox Security Scanner is a free App released by Bluebox to detect the vulnerability and affected Apps.
Google has already issued patches to OEMs (Samsung, Sony, HTC and other Android device manufacturers) to fix the issue.So, it is most likely that you may resolve the issue for your device with the latest Software update that includes OS patches and firmware updates.The update may take time depending on the hardware configuration of your device, so be patient to avoid any undesirable consequence.
For those who haven't got the update from their device manufacture, the app - Rekey (requires Root access) can check as well as patch the vulnerability.
As a precautionary measure installation of non-market apps should be avoided as they are more likely to be laden with malicious code to exploit such kind of vulnerabilities.