Android flaw leaves 99% of devices open to attacks, details to be revealed at BlackHat

Jos

TS Evangelist
Mobile security company Bluebox claims to have discovered a flaw in Android that could leave any device released in the last four years vulnerable to attacks. The method demonstrated allowed modifying an app’s code without affecting its cryptographic signature, inserting...

[newwindow="https://www.techspot.com/news/53133-android-flaw-leaves-99-of-devices-open-to-attacks-details-to-be-revealed-at-blackhat.html"]Read more[/newwindow]
 
G

Guest

This just in. If you download a app with malicious code, it may do something bad.
 

ArthurZ

TS Rookie
I am surprised to not to hear about any vulnerabilities in Windows Phones, is that because they are more secure, or because they only occupy 5% of the market?
 

tipstir

TS Ambassador
Run Dr. Web on the tablet and Smart phone. Change the HoSt file so you don't fall prey. All the Android ROM I release have internal protection. Also no tracking either. Beside Play Store there is 1 Mobile Market.
 

St1ckM4n

TS Evangelist
I read the original article on the Bluebox website. It seems to be a very fluffed up point they are making and they present no facts to show the supposed master key. Changing baseband? Gee, so l33t h4x0r.
 

Darth Shiv

TS Evangelist
I am surprised to not to hear about any vulnerabilities in Windows Phones, is that because they are more secure, or because they only occupy 5% of the market?
Would think it is more a function of the market share. Pretty clear that any platform has nasty vulnerabilities if people hit them hard enough.
 

St1ckM4n

TS Evangelist
Difference is the hacker can make a hacked app appear signed. That's the difference...
There's a difference between the hash for the app developer, and the hash for the apk version. Since Bluebox doesn't give any details, we have to assume everything they say is pure BS - until proven otherwise.
 
G

Guest

Do Apple pay for these stories to be published on sites such as Techspot? I'm beginning to wonder.....
 

roxxas2

TS Enthusiast
There's an even bigger flaw in Android that no one knows about. It's where the app is given privileges to run in the background and do LITERALLY what ever the hell it wants. Turn on the camera, microphone, capture the screen, log any type of data and consume battery life.

If Android were designed like Windows Phone, they wouldn't have to worry about malicious applications.
 
G

Guest

If Android was designed like Windows Phone, nobody would buy them.
 
G

Guest

I call bull.

So the only patched device is the Samsung GS4? What about the Nexus devices running the most recent official Android updates?

Also that they "demo" the "exploit" on an HTC phone... considering the Android market is mainly Samsung's S4 vs HTC's One currently.. Most likely it's a marketing ploy by Samsung.
 
R

RH00D

I love how when it's Android that is the OS that has massive security vulnerability it's just "overblown" and "no big deal" but if this was iOS or Windows Phone, the world would be ending as we know it.
 

St1ckM4n

TS Evangelist
I love how when it's Android that is the OS that has massive security vulnerability it's just "overblown" and "no big deal" but if this was iOS or Windows Phone, the world would be ending as we know it.
The difference is this: when it happens to Apple (e.g. lockscreen flaw, getting into contacts/photos, etc) it actually happens. This story is just a rumour at the moment and a bad one at that.

...Unless someone else actually has found some facts to support this.
 
R

RH00D

The difference is this: when it happens to Apple (e.g. lockscreen flaw, getting into contacts/photos, etc) it actually happens. This story is just a rumour at the moment and a bad one at that.

...Unless someone else actually has found some facts to support this.
So now that Google has a patch to fix this "bad rumor", is it still a "bad rumor"? Or is Google just fixing imaginary problems now?
 

St1ckM4n

TS Evangelist
So now that Google has a patch to fix this "bad rumor", is it still a "bad rumor"? Or is Google just fixing imaginary problems now?
Yeah I understand your point, and it seems like I'm clutching at straws.. but:-

Just because Google released a patch for a 'glitch' doesn't confirm not deny the claims stated in the OP. The effect could just be the ability to not change APK versions (which could indeed be possible). There is still no evidence to show how one could get the FB app and change significant parts of the OS.