Google patches exploit which would have allowed conversion of apps to malware



Google responded quite fast to the threat that was found by Bluebox Security, which would have allowed attackers to convert 99 percent of all applications into Trojan malware. Scary, huh? Bluebox Security CTO Jeff Forristal said in a briefing that the security hole had been around since the release of Android 1.6.

It's called the Master Key Vulnerability, and as obvious as the name sounds, it basically lets attackers into every nook and cranny of your precious droid and lets them convert 99 percent of legit Android applications into Trojans by effectively injecting malware into an individual application, all without tampering with or changing their signatures. Signatures are an application's way of knowing if the app has been tampered with. (Think forging of your signature, only the Trojan doesn't need to do that.)

The security flop would have affected close to 800-900 million devices, going by the number of devices from Android 1.6 onward. But Google apparently knew about this: they were silently alerted back in February, and have quickly patched the security hole and released the patch to OEMs. Manufacturers like Samsung have already started pushing the patch out to consumers, and even custom ROMs like CyanogenMod are pushing out the update.

Gina Scigliano, Google's Android Communications Manager, said that even though Google didn't have a statement to make, she could

confirm that a patch has been provided to our partners – some OEMs, like Samsung, are already shipping the fix to the Android devices.

She also added that

We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.

So it's up to hardware vendors now to push out the update. Keep it Pocketdroid for news on this developing story.