Vulnerability detected in Android’s security model

Hackers have exploited a vulnerability in the Android system's security model, which has enabled them to modify the APK code without breaking the application's cryptographic signature.

The issue was discovered by the Bluebox Security research team, which noted that any legitimate application could be turned into a malicious Trojan.

When installing a Trojan application from the device manufacturer, it can then be given full access to the Android system and all its applications that are currently installed.

Arbitrary application data such as email and SMS can therefore be read.

This could go unnoticed by the phone, app store or even the user, making this a potentially dangerous threat to mobile application security.

It is estimated that the Trojan could affect any Android handset released since 2009, which is believed to equate to as many as 900 million devices.

In light of this discovery, Android phone users are advised to make sure they exercise extra caution when identifying the publisher of the app they want to download.

Not only this, companies that operate bring your own device systems should encourage all users to update their devices, as well as emphasise how important it is to do this in the future.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s