Security researchers claim they've found a nasty bug in the Android operating system which they say allows malicious trojans to masquerade as verified apps. According to the security team at Bluebox Labs, the bug has existed since Android 1.6 Donut, and affects "99 percent" of devices on the platform.
Normally applications are verified by cryptographic signatures, so that modified updates will be rejected if the key doesn't match the one provided by the developer. But Bluebox claims it has found a way to modify and app's APK file without breaking their signatures, potentially allowing malicious code to be installed if an attacker can find a way to send the user a modified software package.
How that distribution would actually occur is...
via The Verge - All Posts http://www.theverge.com/2013/7/3/4491862/four-year-old-android-bug-affects-99-percent-of-devices
No comments:
Post a Comment