Protectors circumvent cryptographic signature Android Apps




Protectors circumvent cryptographic signature Android Apps

A leak in the security of Android makes it possible to modify code in an app without changing the cryptographic signature. The vulnerability works on almost all Androids, but the risk seems limited.

Evil Android The vulnerability was found by Bluebox, a startup that specializes in the security of mobile devices. Bluebox paste code. Apk files, without the cryptographic signature of the app changed. Therefore it seems that the infected app is not changed. The flaw is present since Android 1.6 and according to the hackers apply to 99 percent of all Android devices.

Lies the greatest risk, according Bluebox that can be installed by the manufacturer of the phone. Also infected apps These apps usually have special permissions, thereby injecting own code in these apps can ensure that there is full control over the device obtained. Stored data such as text messages, e-mail and documents could be read but there is also access to passwords and phone functionality.

However, the risk of the bug seems small. Users must, however, download the infected app itself. Android users that official apps out of the Play-store will therefore not quickly confronted with the hole in the Android security. Downloading apps from websites or alternative download stores may, however risky, but Android phones are only installed if the user indicates apps outside the Play Store to want to install.

The bug is reported by Bluebox to Google in February and according to Engadget is the recently released Samsung Galaxy S4 already immunized for the error in the Android security. During the Black Hat hacker conference, which takes place in late July, will Bluebox explained how to do exactly bypassed security, the details of the leak are currently unknown.



In: Technology & Gadgets Asked By: [15464 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »