Now talking about Android vulnerability which exists on 99 percent of their handsets allowing patchers and crackers to modify applications on the phone for their own illigal uses. Android may have been advanced in the past couple of years to offer a level of user experience competing with the skinniness of iOS. Thanks in part to its open-source nature, the levels of malicious software and security holes have been a cause for great concern.
Now, researchers have discovered a vulnerability in Android that makes any Android device released in the this four years vunerable to hackers who can read your data, get your passwords, and hijack any function of your phone, including sending texts, making phone calls, or turning on the camera and on.
This is yet another security vulnerability allowing an unscrupulous individual to potentially take full control of your control of your Android smartphone. That’s almost 900 million Android-based devices globally!
According to the Bluebox CTO Jeff Forristal, it’s “A Trojan application” which has the ability to read arbitary application data on the device (such as emails, SMS text messages, documents, etc), retrieve all stored account and service passcodes. Essentially take over the normal functioning of the phone and control any function”.
Importantly, this exploit takes advantage of the method by which Android apps are signed to ensure authenticity, preventing users from installing apps modified by a third-party other than the intended developer. Cracks out! The folks of mobile security firm Bluebox have also noted that the flaw has existed since Android 1.6, which officially released almost four years back, and nay hacker looking to patch it could play around with app codes, keyloggers and such without needing to consult the verification signature. That’s wasn’t a huge problem, but 99% of the devices on the market right away are affected bt this flaw. Now that’s a massive attacking issue!
Malicious and cracked apps would, in turn, be able to work the same way with powers and authority as the genuine ones, and this would certainly spell trouble for anybody whose device was infiltrated. Bluebox also said, that illigal access could be particularly sinister if the modified app is one pushed as stock by the manufacturer or manufacturing partners, while these apps tend to enjoy stronger access and privilegas. Means, any app — that looks perfectly safe and legitimate to an app store, a device, an engineer, or a user actually could actually have malicious code embedded within it.
If your device is infected that your device’s native apps are impossible to install, move, and have the ability to make many changes and particularly fly without a license at times, the culprit could theoretically do the same, but with potentially dire consequences. Note is that could also present more of a headache in the coming future if, say, your bank details were found and used as well. Hijacked!
The vulnerability has been dubbed Android security bug 8219321.The security firm will showcase its findings more thoroughly at the Black Hat USA security conference in Las Vegas in later July. Samsung’s flagship handset – the Galaxy S4 was recently updated with a fix for the issue, making it the only Android smartphone that is now invulnerable to the flaw, which Forristal confirmed to CIO.
Like most Android issues, this is yet another one pretty much avoided so long as you stick with the Google Play Store, and beware, not using those notoriously dodgy third-party or cracked apps offerings. Soon, Google will continue to take preventative steps to ensure such a thing doesn’t become a widespread issue. (Source: Bluebox)