Quantcast
Channel: Androidizen » Androidizen
Viewing all articles
Browse latest Browse all 143

Android Bluebox Security Scare What you need to know

$
0
0

If you’ve heard about the new security scare for Android phones then don’t panic – but you do need to take care over downloading apps.

This is something that was discovered by the Bluebox Security team and it affects most handsets since Android 1.6, the Donut version, which haven’t been patched. Bluebox think that up to 900 million devices could be susceptible, which is about 99% on the market!

However, if you’ve rooted and ROM’d your smartphone then you’re OK, although there are other security concerns with doing that to your device.

The way that rogue devs work is that Android apps all have an encrypted key and updates need the same digital key to overwrite.

Android Bluebox Security Scare

What Bluebox have found is that these digital demon hackers have been able to jemmy their way into an Android app and Trojan the code for their own purposes without altering the encrypted key.

The danger is that when you next update the app you might download the rogue version without realising it, giving a malevolent third party access to your Android system. You won’t know it either, because these hackers are clever enough to hide their tracks, as far as the user is concerned, the app is behaving just as you would expect it to.

While the app is sitting on your phone it could access your credit card info, data, passwords, system info, make phone calls, send SMS messages, anything it wants to snoop on. It could also become part of a zombie system to create a botnet.

This problem has been known about for the last four months and Samsung has already sorted out a fix with the Galaxy S4 but at the moment not their other devices. HTC hasn’t yet got a fix for any of its phones.

However, yes, it is a bit of a worry that rogue devs may be able to open an Android app and then change the code but the Google Play Store has been patched to prevent any rogue downloads. So as long as you don’t downloads apps from anywhere else you’ve got no worries.

If you also get apps from other places then you might want to hold back for the moment until a fix is released. According to Bluebox Security it’s not a difficult thing to do because the fix is two lines of code in a specific location. The challenge is issuing a firmware update.

In the meantime you need to go into Settings, Security and uncheck the box that says Unknown Sources – Allow installation of apps from sources other than the Play Store. You can also make sure the box to Verify Apps – Block or warn before installing apps that may cause harm – is checked.

If you root your phone you can install a ROM with a fix but it’s a timely warning really to avoid installing hacked apps, no matter how tempting it might be. Keep your virus protection up to date as well.

If you want to follow this saga more closely then Bluebox Security will be disclosing more about it at the Black Hat Briefings in Las Vegas on August 1.

The post Android Bluebox Security Scare What you need to know appeared first on Androidizen.


Viewing all articles
Browse latest Browse all 143

Trending Articles