
Security flaw affects 99 percent of Android phones: report

A security research firm discovered a software flaw that it says has gone unnoticed for years.

An Android display at the Google Input/Output conference in San Francisco during which Google showcased the latest mobile devices running on its Android software.
Security research firm Bluebox recently announced that a flaw in the Android software left 99 percent of Android phones vulnerable to malware attacks.

Paul Sakuma/AP Photo/File


A security research firm discovered a flaw in the Android phone operating system that would allow hackers to turn a regular application into a malicious one, completely undetected by smart phone users, the app seller, or the service provider.

According to Bluebox Security, the scope of the problem is enormous: It affects 99 percent of Android users.

This security flaw allows hackers to modify the code in a smart phone application's package file, or APK, without breaking the app’s cryptographic signature, according to the Bluebox report. Applications are usually recognized by their digital signatures, or cryptographic code, but this recently discovered security glitch revealed that an app’s contents could be changed without changing its signature.

These types of nefarious applications are referred to as “Trojans,” and they work the way the literary allusion implies: Users think they are getting an app, but unbeknownst to them, the app is filled with destructive capabilities.

“The implications are huge,” according to Bluebox Security’s report. This vulnerability to Trojan apps has been around since the release of Android 1.6, and “could affect any Android phone released in the last 4 years – nearly 900 million devices.” Depending on the type of app, a hacker can exploit the smart phone's data. This means that personal information such as e-mail, text messages, passwords, and the phone’s location would all be accessible to the hacker, and could be used for anything from data theft to the creation of a mobile botnet. (A botnet is a network of computers infected with malicious software that causes them to perform automated tasks over the Internet, undetected by the user.)

