Wednesday 17 July 2013

Bluebox uncovers Android's Master Key

If you've kept up with Android news at all, you will have noticed that a security company named Bluebox has discovered a vulnerability in Android that allows a hacker to modify the code of an APK file, i.e. an app, without changing the signature of the app. Essentially, they could change the code and we, the end users, would be none the wiser when we download the app, as Android would not be able to tell that it has been tampered with. Obviously this is a problem, but do we need to panic?

How bad is it?
According to Bluebox, this vulnerability affects 900 million Android devices, or 99 per cent of Android devices out in the wild. Any phone with Android 1.6 or above possesses this vulnerability, so more or less anyone with an Android smartphone is affected. These are pretty scary figures at first, and you are more at risk if you install apps from a third-party source, as these sources are generally less well regulated and more susceptible to carrying tampered apps. If you like to try new apps and venture into apps made by individuals, then that probably increases your risk even more, but we could go on and on about what increases your risk.

Is there a fix?
A fix has been released by Google, but it is up to manufacturers to roll it out to their devices, and some have been slower to do so than others. Given the seriousness of this, most manufacturers have patched their devices, but some still have not. It would be worth finding out whether the manufacturer of your phone has taken steps to patch this vulnerability and, if not, getting in touch and letting them know your concerns. Most companies nowadays take customer opinions much more seriously than they used to, so it is a worthwhile way of making yourself heard.

Anything else to do?
Bluebox have since released an app that scans your device and checks whether it is patched and whether you have any apps that have been tampered with. To download the app, follow this link. If your device is patched, then your phone manufacturer has taken steps to prevent this vulnerability, and if you do not have any apps that are infected, then you're pretty safe. Otherwise, take the steps advised by the app.

Conclusion
We shouldn't underestimate the importance of vulnerabilities like this. To put it into perspective, your phone data could be available to a hacker if you install an app that has been tampered with. Even if you have nothing to hide, you will no doubt not want all your personal, and perhaps sensitive, information being available to a total stranger who is up to no good!

Mo
