A team of security researchers claim to have identified a four-year-old Android bug that can allow malicious Trojans to appear as verified apps, infecting devices with malware while users remain unaware of its presence.
Normally, apps are verified using cryptographic signatures: modified updates are thus rejected if the key doesn't match the one provided by the software developer. But the team, from Bluebox Labs, have found a way to modify an app's APK file without breaking the signature, which means malicious code can easily be injected and users never made aware.
The team claims the bug has existed since Android 1.6 Donut, and that it affects 99 percent of devices which use the OS. Google was notified of the bug in February 2013, but because of the way Android updates roll out it's up to device manufacturers to offer users a patch for the vulnerability. Apparently the Galaxy S4 has already been updated, but weirdly Google's Nexus line remains a work-in-progress.
Of course, before you panic too much it's worth noting that, even if malicious code can be injected into an already verified app, the software has to find its way onto your phone. And if you're only using the Play Store it's not clear how that would happen, unless you're tricked into downloading bogus updates from third-party app stores or the web. The takeaway: be careful when you stray from Google's safe haven.
Bluebox will present the research later this month at the Black Hat security conference in Las Vegas. [Bluebox via IDG via Verge]