
Exploit for most critical Android vulnerability publicly released

What if hackers could take an existing legitimate app or update with a valid digital signature, and modify it in order to use it as a malicious Trojan to access everything on your Android phone or tablet?
Last week, researchers from Bluebox Security announced that the Android operating system has been vulnerable to hackers for the past four years, allowing them to modify or manipulate any legitimate application and enabling them to transform it into a Trojan programme.

The bug has not, so far, been spotted being exploited in the wild, but technical details and a proof-of-concept exploit for the recently announced vulnerability have been published publicly by Pau Oliva Fora, a mobile security engineer at security firm ViaForensics.

Jeff Forristal of Bluebox Security stated that the security hole has been around since at least Android 1.6 and could affect all Android devices, i.e. around 900 million devices.

CyanogenMod, a popular open source distribution of Android 4.1, has now included a patch for the vulnerability in its firmware code.

Today Google has also released a fix for this critical vulnerability and provided it to original equipment manufacturers (OEMs).

In the meantime, if you are running a device that may be vulnerable to this exploit, only install APKs from completely trusted sources, such as the Play Store.
