Discovered by security research firm Bluebox Labs, the vulnerability “allows a hacker to modify APK code without breaking an application’s cryptographic signature.” Um, whatever. Just know that’s a bad thing, and according to Bluebox, 99 percent of Android devices are vulnerable. In much simpler terms, the firm says that this exploit could be used to turn any legitimate application into a malicious Trojan. The app store and the user would never notice.

According to the firm, this exploit seems to date back as far as Android 1.6 Donut, possibly further, and “could affect any Android phone released in the last four years,” or nearly 900 million devices. Such a Trojan could potentially give the malicious application full access to the user’s device and all its applications and data. It could read email, SMS messages, documents and more; it could even retrieve stored account passwords. In short, it could be used to really ruin your weekend.

If your scan comes back with the warning that Non-Google market Installs are allowed (shown in the image above), you can fix it. Go to Settings > Security and uncheck Unknown Sources. If that isn’t checked you won’t be able to side-load apps, but you can enable it if you need to, then disable it again after the side-load.

You can get more detailed information on the exploit here. The good news is that there are patches on the way from most manufacturers. Unfortunately, that’s up to the maker. We’re sure they want to keep customers, and they will work to fix it. However, for now, what you can do is check your device’s vulnerability.

Bluebox Security Scanner

To check your Android device, download and run the Bluebox Security Scanner.

Here are some more details about the Bluebox Security Scanner app:

Speaking of Android security, you should read our article: Which Free Android Security Device is the Best? In that article, Austin tests and compares three different security apps, and Avast comes out as the winner.
