POC code for critical Android bug published
Posted on 09 July 2013.
Last week, researchers from Bluebox Security have made a disconcerting revelation: Google's Android mobile OS carries a critical bug that allows attackers to modify the code of any app without breaking its cryptographic signature, and thusly allows them to stealthily plant malicious apps on legitimate app stores and users' phones.

Information about the flaw, which was discovered earlier this year, was shared with Google in February 2013, and has already been fixed. But the main problem is that device manufacturers and carriers are unlikely to be very prompt in pushing out patched Android versions to users, and users of older devices already don't receive receive security updates.

The good news is that the bug hasn't, so far, been spotted being exploited in the wild, but that might soon change as security researcher Pau Oliva published has proof-of-concept code that can exploit it.

Oliva, who is a mobile security engineer at viaForensics, says that he has created the POC after reading details about the bug in a publicly available Cyanogenmod report. The developers of the popular modified Android firmware have already pushed out a patch for it.

According to The Register, the POC doesn't insert malware into the target code - it just allows an app pose as another one. Nevertheless, the information is now out there, and device manufacturers and carriers should now consider quickly shipping out patches for it.









Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //