04 July 2013

4-year-old Android bug affects 99 percent of devices



Security researchers from Bluebox have discovered a 4-year-old Android bug, present since Android 1.6 Donut, that affects 99 percent (or nearly 900 million devices) of devices released in the last 4 years.


This Android vulnerability allows a hacker to modify APK code without breaking an application’s cryptographic signature, turning any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end-user.



Installation of a Trojan application from the device manufacturer can grant the application full access to the Android system and all applications (and their data) currently installed.


The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.) and retrieve all stored account and service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.



The Bluebox team says the vulnerability was disclosed to Google in February 2013. Now it’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates).




The post 4-year-old Android bug affects 99 percent of devices appeared first on Hack Illusion.


