Vulnerability Hands Hackers a Master Key to Android

Bluebox Security has discovered an Android security vulnerability which it has termed the Master Key, because it can give hackers full access to a handset.

The vulnerability can be exploited to turn legitimate apps into Trojan malware with full access to the phone, its installed apps, and all data held within. This would grant hackers access not only to stored messages and saved passwords, but also to the phone’s functions – including sending messages, recording calls and activating the device’s camera.

The vulnerability, which has been present since at least version 1.6 of the OS, allows hackers to modify APK code without breaking an app’s cryptographic signature – the security measure used to verify that an app hasn’t been tampered with. This means the hack can go completely unnoticed by the app store, device, and user.

The risk is particularly great, Bluebox points out, when it comes to apps which are granted special elevated privileges within Android, specifically System UID access.