Every security investigator’s holy grail is to find that ONE key that can open Pandora’s box to an entire computing system.
Jeff Forristal of Bluebox Security recently unmasked a major security vulnerability (the “master key” vulnerability) in Android that caused ripples among security buffs and Android fanatics across the web. The vulnerability, quite a surprise considering the vast popularity enjoyed by the Android mobile OS, involves a feature that is actually meant to help keep Android secure. The flaw lies in how the mobile OS verifies JAR/ZIP and APK files.
Reports from credible sources indicate that over 900 million Android phones and tablets could have been affected by a vulnerability of such proportions. And considering that this flaw has been around for quite a number of years, ever since the release of Android Donut (Android 1.6), scores of Android devices could remain susceptible for months to come…
Google doesn’t control how Android upgrades are propagated to devices; that is up to the manufacturers and device makers. But the tech giant did not fall short of addressing this issue. There’s now an app (Bluebox Security Scanner) available in the Google store that you can use to establish whether your handset is vulnerable. This app, however, does just that – SCAN. Gina Scigliano, Google’s Android Communications Manager, said that she could “confirm that a patch has been provided to our partners – some OEMs, like Samsung, are already shipping the fix.”
Android users will have to wait and rely upon their respective device manufacturers for this update.
Other than that, there is nothing more you can do if you find your Android device to be vulnerable. It seems we are just going to have to wait and see what comes up to fix this. For now, you’ll need to be a little more careful when downloading third-party applications.
But not to worry, we’ll be following up on this, so you can be sure to have an update the minute there’s one.
- Via BlueBox