Posted on Thursday, July 04 2013 @ 12:14 CEST by Thomas De Maesschalck
Bluebox Security researchers made public that they've found a dangerous security flaw in Android that may affect up to 99 percent of Android devices in existence. The firm claims the vulnerability has existed since Android 1.6, and notes that it notified Google of the exploit in February. Google says it's working on a patch for its Nexus devices, and it seems that the responsibility to issue updates falls to the device manufacturers. Interestingly, Samsung's Galaxy S4 already has the fix, making it one of the few Android devices that's immune to this security flaw.
According to Bluebox, this vulnerability has existed since Android 1.6 (Donut), which gives malicious app developers the ability to modify the code of a legitimate APK, all without breaking its cryptographic signature -- thereby allowing the installation to go unnoticed. To pull off the exploit, a rotten app developer would first need to trick an unknowing user into installing the malicious update, but hackers could theoretically gain full control of a user's phone if the "update" posed as a system file from the manufacturer.
Source Engadget
