Android Major Security Flaw Lets Hackers To Modify Any App

Researchers stated they have discovered the Android major security flaw lets hackers to modify any app. The weakness includes the way legit Android apps are cryptographically signed to guarantee that they have not been changed by people other than the reliable developer, reported by a blog post posted Wednesday by experts from mobile security start-up “Bluebox”. The flaw has been around since release of Android 1.6 nearly 4 years ago. The hackers who manipulate the weakness can change the app code to put keyloggers, backdoors or other harmful features without having altering verification signature.

Harmful apps that use the weakness would get pleasure from the same system liberties much like legitimate one. That accessibility of apps might be risky if the app that is changed came from the device manufacturer or 3rd parties that companion with manufacturer, Wednesday’s post stated. That is because these kinds of apps are generally provided improved privileges inside the Android OS.

“The application then not only has the ability to read arbitrary application data on the device (e-mail, SMS messages, documents, etc.), [and] retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls),” the blog post said. “Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.”

You May Also Like These

1. Google Drive For Android And iOS Updated, Now Lets You Edit And Collaborate Docs On The Go And More
2. Jukebox for Android Lets You Play Your Music Directly From The Cloud Free Of Cost
3. Security Flaw In iOS Allows SMS Spoofing On iPhone, Reveals Pod2g
4. New Android Malware Surfaces, Buys Apps Without User’s Consent, How Courteous!

While it will be harmful if the hacker been able to have such a modified APK into Google Play Store, or for some reason use strategy to hijack any update procedure of the legitimate apps, there are most likely safety measures already available to avoid such assaults.

Like other Android problems, this particular one is very much prevented provided that you adhere with the Google Play Store and do not use those infamously bogus 3rd-party apps. However being Android user, I do discover this finding to be rather upsetting, and hope that Google will proceed to take precautionary steps to guarantee such things does not become a wide-spread problem.

(Source: Bluebox)