View Full Version : Massive Android Flaw Allows Hackers To ‘Take Over’ & ‘Control’ 99% Of Android Devices

07-04-2013, 03:53 AM
Bluebox, a mobile security company, said today that it recently discovered a vulnerability in Android that makes any Android device released in the last four years vulnerable to hackers who can read your data, get your passwords, and control any function of your phone, including sending texts, making phone calls, or turning on the camera. That’s almost 900 million Android devices globally.


“A Trojan application … has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords,” Bluebox CTO Jeff Forristal posted. “It can essentially take over the normal functioning of the phone and control any function.”

Bluebox modifed an Android device manufacturer’s application to obtain access to all permissions on the device. The vulnerability is due to “discrepancies” in how Android apps are approved and verified, Bluebox says, allowing hackers to tamper with application code without changing the app’s cryptographic signatures. That means that an app — any app — which looks perfectly safe and legitimate to an app store, a device, an engineer, or a user actually could actually have malicious code embedded within it.

Forristal said that the details of the bug have already been disclosed to Google back in February, and that Google has “notified their device partners.” The problem, however, is that because of Android’s fragmented nature and the fact that device manufacturers and mobile carriers release Android updates sporadically if at all, many Android devices are not running the latest software, and cannot be user-updated.

Source: http://venturebeat.com/2013/07/03/massive-android-flaw-allows-hackers-to-take-over-and-control-99-of-android-devices/#JpS5T2kGKuL0DDx7.99

07-04-2013, 06:31 AM
Jesus 99% of devices.

07-04-2013, 06:47 AM
The same thing can be done with apple apps. I guess this was made public also to make sure ppl stop or refrain from downloading pirated apps, with freedom or other apps.