2013-07-09

99% of Android Devices Vulnerable

Impact: Every device sold since Android 1.6 (Donut); that is, nearly 900 million devices.
[Quote] The vulnerability is a code signing flaw. Developers 'sign' their apps with a cryptographic signature. That way, only the app developer is able to update or modify an existing app, because only the developer has the signature. Bluebox has discovered a way to subvert this. "This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application
Blog from Bluebox, a new player in the market

Update 17-Jul-13: 
A second similar master-key vulnerability has been discovered.
