An Interest In:
Web News this Week
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
- April 11, 2024
- April 10, 2024
First real world 'master key' exploit discovered sneaking malware into Android apps
Two apps have been discovered on unofficial marketplaces in China that might just be the first in-the-wild exploits of the massive bug found by Bluebox two weeks ago. The so-called "master key" vulnerability, or a least an extremely close relative of it, was the point of entry for malware in these two apps, which now carry code that allows an attacker to remotely hijack a device, harvest sensitive data and even disable a number of mobile security suites. The concern here, is that this particular security hole allowed these alterations to be made without invalidating the apps' digital signatures. So, the malware was able to sneak through filters, hidden as a Trojan Horse inside pieces of legitimate software. Google has already patched the vulnerability, preventing compromised apps from slipping in to the official Play store. Additional updates addressing the flaw have been issued to carriers and manufacturers, but we all know it could be quite sometime before everyone applies the patches to their products.
Filed under: Software, Mobile, Google
Via: Ars Technica
Source: Symantec
Original Link: http://www.engadget.com/2013/07/24/master-key-exploit-in-the-wild/?utm_medium=feed&utm_source=Feed_Classic&utm_campaign=Engadget
Engadget
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics. Engadget was launched in March of 2004 in partnership with the Weblogs, Inc. Network (WIMore About this Source Visit Engadget