Android flaw leaves 99% of devices open to attacks, details to be revealed at BlackHat

By Jos
Jul 4, 2013
  1. Mobile security company Bluebox claims to have discovered a flaw in Android that could leave any device released in the last four years vulnerable to attacks. The method demonstrated allowed modifying an app’s code without affecting its cryptographic signature, inserting...

  2. madboyv1

    madboyv1 TechSpot Paladin Posts: 942   +42

  3. Ah, so that's what an NSA backdoor looks like. Gotcha.
    mosu likes this.
  4. Phraun

    Phraun Newcomer, in training Posts: 34

    In other words, be careful what you download and you'll probably be fine. Seems a bit overblown to me...
    9Nails likes this.
  5. bexwhitt

    bexwhitt TechSpot Enthusiast Posts: 154   +22

    Stick to google play then.
    Darth Shiv likes this.
  6. This just in. If you download an app with malicious code, it may do something bad.
  7. ArthurZ

    ArthurZ Newcomer, in training Posts: 79

    I am surprised not to hear about any vulnerabilities in Windows Phones, is that because they are more secure, or because they only occupy 5% of the market?
  8. Lionvibez

    Lionvibez TechSpot Enthusiast Posts: 530   +76

    Dude you should run for president!
    trgz likes this.
  9. tipstir

    tipstir TS Ambassador Posts: 4,580   +76

    Run Dr. Web on the tablet and smartphone. Change the hosts file so you don't fall prey. All the Android ROMs I release have internal protection. Also no tracking either. Besides Play Store there is 1 Mobile Market.
  10. St1ckM4n

    St1ckM4n TechSpot Evangelist Posts: 3,386   +608

    I read the original article on the Bluebox website. It seems to be a very fluffed up point they are making and they present no facts to show the supposed master key. Changing baseband? Gee, so l33t h4x0r.
  11. Darth Shiv

    Darth Shiv TechSpot Evangelist Posts: 1,134   +172

    Difference is the hacker can make a hacked app appear signed. That's the difference...
    trgz likes this.
     
  12. Darth Shiv

    Darth Shiv TechSpot Evangelist Posts: 1,134   +172

    Would think it is more a function of the market share. Pretty clear that any platform has nasty vulnerabilities if people hit them hard enough.
  13. St1ckM4n

    St1ckM4n TechSpot Evangelist Posts: 3,386   +608

    There's a difference between the hash for the app developer, and the hash for the apk version. Since Bluebox doesn't give any details, we have to assume everything they say is pure BS - until proven otherwise.
  14. Do Apple pay for these stories to be published on sites such as Techspot? I'm beginning to wonder.....
  15. roxxas2

    roxxas2 Newcomer, in training Posts: 64   +20

    There's an even bigger flaw in Android that no one knows about. It's where the app is given privileges to run in the background and do LITERALLY whatever the hell it wants. Turn on the camera, microphone, capture the screen, log any type of data and consume battery life.

    If Android were designed like Windows Phone, they wouldn't have to worry about malicious applications.
  16. Darth Shiv

    Darth Shiv TechSpot Evangelist Posts: 1,134   +172

    Apple has got a bit of bad press for nasty iOS bugs recently too iirc
  17. If Android was designed like Windows Phone, nobody would buy them.
  18. Vrmithrax

    Vrmithrax TechSpot Paladin Posts: 1,285   +232

    Nah, he makes too much sense and is obviously too honest for the job...
    cliffordcooley likes this.
  19. Lionvibez

    Lionvibez TechSpot Enthusiast Posts: 530   +76

    lol you may have a point.

    Misdirection, lies, and companies in your pocket seem to be the only way to win these days.
    cliffordcooley likes this.
  20. I call bull.

    So the only patched device is the Samsung GS4? What about the Nexus devices running the most recent official Android updates?

    Also that they "demo" the "exploit" on an HTC phone... considering the Android market is mainly Samsung's S4 vs HTC's One currently.. Most likely it's a marketing ploy by Samsung.
  21. RH00D

    RH00D TechSpot Booster Posts: 387   +97

    I love how when it's Android that is the OS that has a massive security vulnerability it's just "overblown" and "no big deal" but if this was iOS or Windows Phone, the world would be ending as we know it.
  22. St1ckM4n

    St1ckM4n TechSpot Evangelist Posts: 3,386   +608

    The difference is this: when it happens to Apple (e.g. lockscreen flaw, getting into contacts/photos, etc) it actually happens. This story is just a rumour at the moment and a bad one at that.

    ...Unless someone else actually has found some facts to support this.
  23. RH00D

    RH00D TechSpot Booster Posts: 387   +97

    So now that Google has a patch to fix this "bad rumor", is it still a "bad rumor"? Or is Google just fixing imaginary problems now?
  24. St1ckM4n

    St1ckM4n TechSpot Evangelist Posts: 3,386   +608

    Yeah I understand your point, and it seems like I'm clutching at straws.. but:-

    Just because Google released a patch for a 'glitch' doesn't confirm nor deny the claims stated in the OP. The effect could just be the ability to not change APK versions (which could indeed be possible). There is still no evidence to show how one could get the FB app and change significant parts of the OS.

