Android flaw lets attackers modify apps without breaking signatures

Discussion in 'other security issues & news' started by asr, Jul 3, 2013.

Thread Status:
Not open for further replies.
  1. asr

    asr Registered Member

    Joined:
    Oct 24, 2010
    Posts:
    91
    Full Read Here: http://www.computerworld.com/s/arti...pps_without_breaking_signatures?taxonomyId=17
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    So it's a smarter trojan blocked by Google Play. Should I worry about my manufacturer's updates? Or compromised SIM's? Cause I only really care about prevention, which doesn't seem so hard in this case.
     
  4. x942

    x942 Guest

    Yeah as I posted in the duplicate thread This attack vector has been known for a long time now and won't effect 99% of most people. I don't know why these companies spread such FUD. It only effects you if you use third-party markets or apps from unknown providers.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Google patches critical Android threat as working exploit is unleashed

    http://arstechnica.com/security/201...droid-threat-as-working-exploit-is-unleashed/
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Google: Critical Android security flaw won't harm most users.
    http://www.cso.com.au/article/514457/google_critical_android_security_flaw_won_t_harm_most_users/

    Determine if your device is affected: https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Interesting.
     
  8. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,234
    The latest release of Qihoo's 360 Mobile Security protects against this.
     
  9. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    99% of Android's are wide open!

    Hi

    Holala!
    I'm encrypting, I'm complex pass-wording... and now this!

    Uncovering Android Master Key That Makes 99% of Devices Vulnerable
    http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

    Here's a techcrunch articles on it
    http://techcrunch.com/2013/07/04/android-security-hole/

    Proactively here is the scan to check your phone from BlueBox:
    https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

    The above scanner tells you if your phone is patched or not... and which applications are protected from the scan...

    Now for those who failed the check like me...
    I would recommend you do a Root Check to see if the phone was not rooted by any potential visitor...

    As for all those doing exploits on anything the next step for any exploit on devices is to gain root access...

    You can check if you are rooted with this tool:
    https://play.google.com/store/apps/...GwsMSwxLDEsImNvbS5qb2V5a3JpbS5yb290Y2hlY2siXQ..
     
    Last edited: Jul 12, 2013
  10. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    Re: 99% of Android's are wide open!

    Maybe that's why Marvin is so depressed.
     
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Re: 99% of Android's are wide open!

    Yay, another duplicate! Overblown issue as usual.
     
  13. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Re: 99% of Android's are wide open!

    Well, yes... Noted!

    As far as being overblown however take note of the posting of the appropriate tools to demystify the actual impact, which arguably is not entirely clear.

    However as with everything security these days the impact is never entirely clear until something actually happens to you then the impact is brilliantly clear, albeit too late.
     
  14. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  15. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,089
    Android's very real 'Master Key' vulnerability.

    -- Tom
     
  16. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  17. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Anatomy of another Android hole - Chinese researchers claim new code verification bypass:
    http://nakedsecurity.sophos.com/201...searchers-claim-new-code-verification-bypass/
     
Loading...
Thread Status:
Not open for further replies.