ublished apps that cryptographic signature bypass Android




Security firm Symantec has discovered applications that abuse vulnerabilities in the cryptographic signature in Android. As a result, there is code in the apps be changed without this change the cryptographic signature.

Symantec is it two apps that are mainly distributed in China. These are legitimate apps used in China to experience, doctor’s appointments according to the security company. Attackers would the source file of both applications have been modified without leaving the cryptographic signature changed, a vulnerability in Android which earlier this month was published . Then the apps distributed by the hackers.

In the apps is hidden code that allows access to the device on which it is installed. Hackers remote access In addition, it is possible to steal personal information, and to send. Expensive SMS text messages The code was hidden inside a apk file by creating a second classes.dex file:. Herein is normally code for an Android app stored. There was also a second AndroidManifest.xml file is created the permissions an app to adjust.

For users are indistinguishable from legitimate apps. Infected apps However, it seems likely that apps that are adjusted by hackers download stores such as the Play Store will appear. Android users are particularly at risk if they thereby software application outside the shop to install. Incidentally repaired Google recently the bug in a new version of its Settings application. Who set that must be protected against the bug. Apps installation verified This setting only older Android devices, with an Android version lower than 2.3, still susceptible.


Tags: ,

In: Technology & Gadgets Asked By: [15470 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »