Vulnerability threatened theoretically 99% of all Android devices




A 4-year-old gap is 99% of all Android devices threaten. The mistake is to put in all Android versions since version 1.6. A ripe old age for a fault that is sufficiently severe. This error should make it possible to change an app without invalidating the signature. The signing of the apps will actually prevent just such manipulations.
Vulnerability threatened theoretically 99% of all Android devices

The good news at the beginning: Who gets its apps exclusively through Google Play is safe from the problem to date. Only those who have the install apps from other sources allowed on his device is threatened by the gap. The thing has a certain irony, of course, from an iOS user, which is held on Android as an advantage of the platform always the possibility of free installation of apps from other sources view. In this case, a disadvantage of the edge.

Is also the problem that was reported in February to Google, the Samsung Galaxy S4 already corrected. But despite the many sales of smartphones , most of the outstanding units in this way remains vulnerable, including the Nexus devices. Especially owners of older devices that are no longer supplied by the manufacturer must be careful with updates in the future especially.

The Problem: The option-signed apps can change unnoticed an attacker to gain full control over the device – and no one notices. Ideal for such an attack are of course always apps, which one grants extensive rights, so for example pre-installed system apps. The suspended on these malware apps then has the rights of the infected app. Depending on the rights assigned as messages can be intercepted or copied, the smartphone can be used for monitoring, etc. At least theoretically, this gap is enormous:

This vulnerability, around at least since the release of Android 1.6 (codename: “Donut”), could affect, any Android phone released in the last 4 years1 – or nearly 900 million devices2-and DEPENDING on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

Not yet known whether and to what extent this gap was perhaps already being used (here just thinks someone at the NSA?), But even without known attack caution. You can protect yourself from sources other than the official Google Play Store, at least you should be really careful what apps you installed from what sources. Installations by avoiding


In: Technology & Gadgets Asked By: [18418 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »