A loophole which makes Android vulnerable to hackers

A ‘master key’ has been reportedly discovered by a security research firm which could potentially give cyberattackers access to almost every Android phone.

According to BBC, security research firm BlueBox has discovered the loophole which is present in every version of the Android operating system released since 2009.

The bug emerges as a result of the way Android handles cryptographic verification of the programs installed on the phone

The report said that Android uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with.

Jeff ForristalBlueBox and his colleagues have found a method of tricking the way Android checks these signatures so that malicious changes to the apps go unnoticed.

Forristal said that the implications of this discovery could be ‘huge’ as it can take over the normal functioning of the phone and control any function thereof.

Security expert Dan Wallach said that in order to catch Android users, malicious hackers would have to get their booby-trapped version of a legitimate application on to the Google Play store.

According to the report, BlueBox had reported finding the bug to Google in February.

Google denied commenting on BlueBox discovery, the report added.

Via: TOI

Image Credit: AndroidTwit

 

Team TechPanda

Recent Posts

AI Launches: Fashion, EdTech, speech tech, monitors, fintech, data, trading, cloud, AI defense & model

The Tech Panda takes a look at recent launches in the superfast field of Artificial…

55 mins ago

6 Automation tools every 2D animator should master in 2025

As the animation industry continues to evolve, automation is becoming a critical ally for 2D…

2 hours ago

Can you really find parking in 5 minutes? Tech promises a breakthrough in Delhi-NCR

If you’ve ever circled endlessly in Delhi-NCR’s crowded streets, searching for a parking spot while…

3 days ago

Decoding the future of advertising: How blockchain is solving ad fraud, privacy & engagement challenges

Advertising has never been about anything other than connection — brands connecting with people through…

3 days ago

AI goes global: Best universities abroad offering world-class Artificial Intelligence degrees

As we navigate a world with algorithms predicting consumer behaviour, robotic-assisted surgical procedures, and intelligence…

1 week ago

Ness Digital Engineering launches ATONIS: An AI-powered engineering workbench to accelerate product innovation

Bridging intelligence and engineering maturity for a digital-first world Today’s engineering teams face mounting pressure…

2 weeks ago