Solve : Hackers use Android 'master key' exploit in China?

1.	Solve : Hackers use Android 'master key' exploit in China?
Answer» A security firm says it has identified the first known malicious use of Android's "master key" vulnerability. The bug - which was first publicised earlier this month - allows attackers to install code on to phones running Google's mobile operating system and then take control of them. Symantec said its researchers had found two apps distributed in China that had been infected using the exploit. Google has already taken moves to tackle the problem. A fortnight ago it released a patch to manufacturers, but it will not have been sent to all handset owners yet. Google also scans its own Play marketplace for the exploit, but this will not protect consumers who download software from other stores. Premium texts The vulnerability was first reported by security research firm BlueBox on 3 July. All Android apps contain an encrypted signature that the operating system uses to check the program is legitimate and has not been tampered with. But BlueBox said it had found a way to make changes to an app's code without affecting the signature. It warned the technique could be used to install a Trojan to read any data on a device, harvest passwords, RECORD phone calls, take photos and carry out other functions. According to Symantec, hackers have now exploited the flaw to install malware called Android.Skullkey, which steals data from compromised phones, monitors texts received and written on the handset, and also sends its own SMS messages to premium numbers. Full story: http://www.bbc.co.uk/news/technology-23431281Thanks for the heads up. The BBC article you linked SUGGESTS the problem is associated with third party PROGRAMS downloaded onto an Android smart[phone. Quote "Symantec recommends users only download applications from reputable Android application marketplaces." Thee are about 900 million Androids devices out there that potentially could be affected. But I just can't believe that would ever happen, or anything even close to that. I am not going to stop using my Android.Quote from: Geek-9pm on July 24, 2013, 08:45:55 AM Thanks for the heads up. The BBC article you linked suggests the problem is associated with third party programs downloaded onto an Android smart[phone. Thee are about 900 million Androids devices out there that potentially could be affected. But I just can't believe that would ever happen, or anything even close to that. I am not going to stop using my Android. Are we reading the same article? Does it not state that it could be from software outside the android/google market? Am I missing something here? Quote from: Geek-9pm on July 24, 2013, 08:45:55 AM I am not going to stop using my Android. Nobody is saying you should.. did you read this? Honestly I mean you make LESS than sense.

Answer»

A security firm says it has identified the first known malicious use of Android's "master key" vulnerability.

The bug - which was first publicised earlier this month - allows attackers to install code on to phones running Google's mobile operating system and then take control of them.

Symantec said its researchers had found two apps distributed in China that had been infected using the exploit.

Google has already taken moves to tackle the problem.

A fortnight ago it released a patch to manufacturers, but it will not have been sent to all handset owners yet.

Google also scans its own Play marketplace for the exploit, but this will not protect consumers who download software from other stores.
Premium texts

The vulnerability was first reported by security research firm BlueBox on 3 July.

All Android apps contain an encrypted signature that the operating system uses to check the program is legitimate and has not been tampered with.

But BlueBox said it had found a way to make changes to an app's code without affecting the signature.

It warned the technique could be used to install a Trojan to read any data on a device, harvest passwords, RECORD phone calls, take photos and carry out other functions.

According to Symantec, hackers have now exploited the flaw to install malware called Android.Skullkey, which steals data from compromised phones, monitors texts received and written on the handset, and also sends its own SMS messages to premium numbers.

Full story: http://www.bbc.co.uk/news/technology-23431281Thanks for the heads up.
The BBC article you linked SUGGESTS the problem is associated with third party PROGRAMS downloaded onto an Android smart[phone.
Quote

"Symantec recommends users only download applications from reputable Android application marketplaces."

Thee are about 900 million Androids devices out there that potentially could be affected. But I just can't believe that would ever happen, or anything even close to that. I am not going to stop using my Android.Quote from: Geek-9pm on July 24, 2013, 08:45:55 AM

Thanks for the heads up.
The BBC article you linked suggests the problem is associated with third party programs downloaded onto an Android smart[phone.
Thee are about 900 million Androids devices out there that potentially could be affected. But I just can't believe that would ever happen, or anything even close to that. I am not going to stop using my Android.

Are we reading the same article? Does it not state that it could be from software outside the android/google market? Am I missing something here?

Quote from: Geek-9pm on July 24, 2013, 08:45:55 AM

I am not going to stop using my Android.

Nobody is saying you should.. did you read this? Honestly I mean you make LESS than sense.

Solve : Hackers use Android 'master key' exploit in China?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment