montanadave
07-04-13, 21:50
I don't know shit about tech or security issues, but I see plenty of threads here with members chewing the fat about new smart phones and the like so I thought this might be of interest.
I won't try to paraphrase the article, as I'd just muddle it up so here's the opening paragraph (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/)
"The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years1 – or nearly 900 million devices2– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."
Another article from the BBC (http://www.bbc.co.uk/news/technology-23179522) which says Google had "no comment" on the story.
I won't try to paraphrase the article, as I'd just muddle it up so here's the opening paragraph (http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/)
"The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years1 – or nearly 900 million devices2– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."
Another article from the BBC (http://www.bbc.co.uk/news/technology-23179522) which says Google had "no comment" on the story.