Android ‘Master Key’ Security Hole
18 July, 2013
Mobile security startup Bluebox Security has unearthed a vulnerability in Android’s security model which it says means that the nearly 900 million Android phones released in the past four years worldwide, or some 99% of Android devices, could be exploited. The vulnerability has apparently been around since Android v1.6 (Donut), and was disclosed by the firm to Google back in February. The Samsung Galaxy S4 has apparently already been patched.
The vulnerability apparently allows a hacker to turn a legitimate app into a malicious Trojan by modifying APK code without breaking the app’s cryptographic signature. Bluebox says the flaw exploits discrepancies in how Android apps are cryptographically verified and installed. Specifically it allows a hacker to change an app’s code, leaving its cryptographic signature unchanged — thereby tricking Android into believing the app itself is unchanged, and allowing the hacker to wreak their merry havoc.
Installation of a Trojan application from the device manufacturer can grant the application full access to the Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.) and retrieve all stored account & service passwords; it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.
While 99% of Android phones being technically vulnerable to app hackers is a tough stat to ignore, it’s worth emphasizing that just because such a flaw (apparently) exists it doesn’t mean it has been or will be widely exploited — especially as, in this instance, it has been flagged to Google prior to being made public. And Google is presumably hard at work on a fix. So the famous and recognized “Andro”, as Georgians call Android, could be “free cheese in a mousetrap”.
Getting timely OS (Operating System) updates has always been a problem for Android users (Nexus owners are the exception), owing to Android’s openness necessarily encouraging variation and fragmentation within the ecosystem, with different manufacturer skins and carrier additions all standing in the way and delaying updates. That likely means the window of risk attached to this latest Android vulnerability takes longer to close for the majority of users than many would be comfortable with.
In the meantime, Bluebox advises the following:
Device owners should be extra cautious in identifying the publisher of the app they want to download.
Enterprises with BYOD implementations should use this news to prompt all users to update their devices, and to highlight the importance of keeping their devices updated.
IT should see this vulnerability as another driver to move beyond just device management to focus on deep device integrity checking and securing corporate data.