All kinds of Android-related news going on today, it seems.
The Bluebox Security research team has discovered a vulnerability in Android phones that allows potential hackers to modify APK code without breaking the application's cryptographic signature. Hackers can now turn applications into Trojans, which will not be detected by your phone, or even the app store!
This vulnerability has been around since Android 1.6, which leaves any phone released in the last 4 years vulnerable to attack. It also leaves nearly 900 million devices open to this exploit, and affected phones can be exploited to steal data or even become part of someone’s mobile botnet.
For readers currently using the Samsung Galaxy S4, you’ll be pleased to know this bug has been patched, while Google’s line of Nexus products is still being worked on. Unfortunately, older Android devices will not receive a patch. In addition, it has yet to be announced if or when other devices will receive this patch.
For those who may be interested, the Bluebox team will be revealing their research in full at the Black Hat Security Conference later this month.
For those of you with an Android device, how do you feel about this?
Google has blocked the distribution of apps that take advantage of this exploit via Google Play. However, if the user is tricked into installing an update that is malicious, that app will be replaced with a version of the app that does not interact with the app store.