More Android master keys lying around

Early last month Google Inc. announced that it had finally patched an Android master key vulnerability that allowed attackers to modify applications for the mobile operating system and turn them into Trojan apps.

Guess what?

There may be more Android master keys lying around for attackers to exploit, according to a speaker at the recent Black Hat hacker convention in Last Vegas.

Jeff Forristal, chief technology officer of mobile security Bluebox Security, who discovered the master key flaw six months ago, said “there are multiple master keys.”

With the original master key, attackers could change legitimate apps without being detected. For instance in a separate Black Hat briefing researchers demonstrated how to alter code in the game Angry Birds to turn an Android phone into a spy phone that could record calls, take pictures with the phone’s camera and send personal data to a command and control server.


Android flaw allows hackers to alter apps
Android finally patches bug: Report
Alternative fixes for Android ‘master key’ vulnerability

Forristal said it took just 17 days from the time details of the original master key flaw were released for an exploit to be found in the wild.

It took seven days from the time of the original exploit, he said, for similar bugs to be discovered in different places.

Forristal said solving the problems is hard because it could never be ascertained how fast carriers or providers of Android phones are installing OS patches or if they are installing patches at all.

Read the whole story here

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now