Friday, July 5, 2013

New Android Security hole

So am not the first to bring this to others attention.  I've seen several articles on it over the last week on the Android "Master Key" vulnerability.

Basically, researchers at Bluebox Security have found this security hole that has been present in all version of Android since v1.6.  The firm informed Google about this in February.  The Samsung Galaxy S4 supposedly has been patched for it.  No word on any other Android device.

More information on it will be forthcoming at the Black Hat Security Conference.  But for right now, you can check out their blog posting HERE on it.

Now, a basic thing about this issue is that it is exploited by malicious apps.  And malicious apps, despite tools like Bouncer in the Google Play Store, can still be put up there.  Patching Android is always a tough thing, because the process has to include both the manufactors and the carriers.  According to a recent item on CIO, Google has already updated Play Store to block apps that take advantage of the issue.  But I hope people see that as only a stop gap to getting the Android OS itself patch.

For those interested, here are the articles I've see so far on this:

Bluebox Blog
Techcrunch
Android Central
CIO



3 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Is is possible in android phone to hole in the security.please explain ii. really want to know about this.please post in next thanks for sharing.Android News

    ReplyDelete
  3. Hmm… I read blogs on a similar topic, but i never visited your blog. I added it to favorites and i’ll be your constant reader. click here to learn more

    ReplyDelete