Android flaw leaves 99% of devices open to attacks, details to be revealed at BlackHat

By Jos · 23 replies
Jul 4, 2013
  1. Mobile security company Bluebox claims to have discovered a flaw in Android that could leave any device released in the last four years vulnerable to attacks. The method demonstrated allowed modifying an app’s code without affecting its cryptographic signature, inserting...

  2. madboyv1

    madboyv1 TechSpot Paladin Posts: 1,471   +375

  3. Ah, so that's what an NSA backdoor looks like. Gotcha.
    mosu likes this.
  4. Phraun

    Phraun TS Rookie Posts: 35

    In other words, be careful what you download and you'll probably be fine. Seems a bit overblown to me...
    9Nails likes this.
  5. bexwhitt

    bexwhitt TS Guru Posts: 355   +72

    Stick to google play then.
    Darth Shiv likes this.
  6. This just in. If you download an app with malicious code, it may do something bad.
  7. ArthurZ

    ArthurZ TS Rookie Posts: 79

    I am surprised not to hear about any vulnerabilities in Windows Phones. Is that because they are more secure, or because they only occupy 5% of the market?
  8. Lionvibez

    Lionvibez TS Evangelist Posts: 1,266   +436

    Dude you should run for president!
    trgz likes this.
  9. tipstir

    tipstir TS Ambassador Posts: 2,475   +126

    Run Dr. Web on the tablet and smartphone. Change the hosts file so you don't fall prey. All the Android ROMs I release have internal protection. Also no tracking either. Besides Play Store there is 1 Mobile Market.
  10. St1ckM4n

    St1ckM4n TS Evangelist Posts: 2,922   +630

    I read the original article on the Bluebox website. It seems to be a very fluffed up point they are making and they present no facts to show the supposed master key. Changing baseband? Gee, so l33t h4x0r.
  11. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,811   +472

    Difference is the hacker can make a hacked app appear signed. That's the difference...
    trgz likes this.
  12. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,811   +472

    Would think it is more a function of the market share. Pretty clear that any platform has nasty vulnerabilities if people hit them hard enough.
  13. St1ckM4n

    St1ckM4n TS Evangelist Posts: 2,922   +630

    There's a difference between the hash for the app developer, and the hash for the apk version. Since Bluebox doesn't give any details, we have to assume everything they say is pure BS - until proven otherwise.
  14. Do Apple pay for these stories to be published on sites such as Techspot? I'm beginning to wonder.....
  15. roxxas2

    roxxas2 TS Enthusiast Posts: 65   +22

    There's an even bigger flaw in Android that no one knows about. It's where the app is given privileges to run in the background and do LITERALLY whatever the hell it wants. Turn on the camera, microphone, capture the screen, log any type of data and consume battery life.

    If Android were designed like Windows Phone, they wouldn't have to worry about malicious applications.
  16. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,811   +472

    Apple has got a bit of bad press for nasty iOS bugs recently too iirc
  17. If Android was designed like Windows Phone, nobody would buy them.
  18. Vrmithrax

    Vrmithrax TechSpot Paladin Posts: 1,352   +293

    Nah, he makes too much sense and is obviously too honest for the job...
    cliffordcooley likes this.
  19. Lionvibez

    Lionvibez TS Evangelist Posts: 1,266   +436

    lol you may have a point.

    Misdirection, lies, and companies in your pocket seem to be the only way to win these days.
    cliffordcooley likes this.
  20. I call bull.

    So the only patched device is the Samsung GS4? What about the Nexus devices running the most recent official Android updates?

    Also that they "demo" the "exploit" on an HTC phone... considering the Android market is mainly Samsung's S4 vs HTC's One currently.. Most likely it's a marketing ploy by Samsung.
  21. I love how when it's Android that is the OS that has a massive security vulnerability it's just "overblown" and "no big deal" but if this was iOS or Windows Phone, the world would be ending as we know it.
  22. St1ckM4n

    St1ckM4n TS Evangelist Posts: 2,922   +630

    The difference is this: when it happens to Apple (e.g. lockscreen flaw, getting into contacts/photos, etc) it actually happens. This story is just a rumour at the moment and a bad one at that.

    ...Unless someone else actually has found some facts to support this.
  23. So now that Google has a patch to fix this "bad rumor", is it still a "bad rumor"? Or is Google just fixing imaginary problems now?
  24. St1ckM4n

    St1ckM4n TS Evangelist Posts: 2,922   +630

    Yeah I understand your point, and it seems like I'm clutching at straws.. but:-

    Just because Google released a patch for a 'glitch' doesn't confirm nor deny the claims stated in the OP. The effect could just be the ability to not change APK versions (which could indeed be possible). There is still no evidence to show how one could get the FB app and change significant parts of the OS.

