Android flaw lets attackers modify apps without breaking signatures

Full Read Here: http://www.computerworld.com/s/arti...pps_without_breaking_signatures?taxonomyId=17

 

Thanks for this. News such as this is disturbing for Android phone users.

The same information or similar information can be read here:
http://venturebeat.com/2013/07/03/m...-take-over-and-control-99-of-android-devices/

 

So it's a smarter trojan blocked by Google Play. Should I worry about my manufacturer's updates? Or compromised SIM's? Cause I only really care about prevention, which doesn't seem so hard in this case.

 

Yeah as I posted in the duplicate thread This attack vector has been known for a long time now and won't effect 99% of most people. I don't know why these companies spread such FUD. It only effects you if you use third-party markets or apps from unknown providers.

 

Google: Critical Android security flaw won't harm most users.

http://www.cso.com.au/article/514457/google_critical_android_security_flaw_won_t_harm_most_users/

Determine if your device is affected: https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

 

Interesting.

 

The latest release of Qihoo's 360 Mobile Security protects against this.

 

99% of Android's are wide open!

Hi

Holala!
I'm encrypting, I'm complex pass-wording... and now this!

Uncovering Android Master Key That Makes 99% of Devices Vulnerable
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

Here's a techcrunch articles on it
http://techcrunch.com/2013/07/04/android-security-hole/

Proactively here is the scan to check your phone from BlueBox:
https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

The above scanner tells you if your phone is patched or not... and which applications are protected from the scan...

Now for those who failed the check like me...
I would recommend you do a Root Check to see if the phone was not rooted by any potential visitor...

As for all those doing exploits on anything the next step for any exploit on devices is to gain root access...

You can check if you are rooted with this tool:
https://play.google.com/store/apps/...GwsMSwxLDEsImNvbS5qb2V5a3JpbS5yb290Y2hlY2siXQ..

 

Re: 99% of Android's are wide open!

Maybe that's why Marvin is so depressed.

 

Re: 99% of Android's are wide open!

See: Android flaw lets attackers modify apps without breaking signatures
https://www.wilderssecurity.com/showthread.php?t=349850

 

Re: 99% of Android's are wide open!

Yay, another duplicate! Overblown issue as usual.

 

Re: 99% of Android's are wide open!

Well, yes... Noted!

As far as being overblown however take note of the posting of the appropriate tools to demystify the actual impact, which arguably is not entirely clear.

However as with everything security these days the impact is never entirely clear until something actually happens to you then the impact is brilliantly clear, albeit too late.

 

There have been significant findings and differing opinions on this subject.
http://www.welivesecurity.com/2013/07/08/darkleech-and-the-android-master-key-making-a-hash-of-it/

 

Android's very real 'Master Key' vulnerability.

-- Tom

 

New information here:
http://www.theregister.co.uk/2013/07/16/android_sig_vuln_analysis/
And here: (H/T) @ ESET
http://macviruscom.wordpress.com/2013/07/16/another-android-masterkey/

 

Anatomy of another Android hole - Chinese researchers claim new code verification bypass:

http://nakedsecurity.sophos.com/201...searchers-claim-new-code-verification-bypass/