Tip:
Highlight text to annotate it
X
(Image source: The Verge)
BY CANDICE AVILES
Android users, beware of a large security breach that could put your phone at risk.
TechCrunch broke the story, reporting the mobile security startup Bluebox Security found
a vulnerability in Android's security model — specifically, the way applications verify
changes to their code with Google's servers. Exploiting this allows a hacker "to turn
a legitimate app into a malicious Trojan by modifying APK code without breaking the app's
cryptographic signature ... thereby tricking Android into believing the app itself is unchanged,
and allowing the hacker to wreak their merry havoc."
So if you download a compromised app, it can give hackers access to your phone. While there's
no master list of risky apps, WSLS says, "The security hole puts an estimated 99 percent
of all Android devices released in the past four years at risk."
Now, this problem dates back to the release of the Android 1.6, and according to The
Washington Post, that means about 900 million devices are open to hackers. It goes on to
report security has always been a concern for Android phones because of the "open nature
of the system."
When it comes to fixing the problem, Bluebox says it's up to device manufactures to release
firmware updates for mobile devices and for users to install them. The manufacturer and
model of your phone determine when you can get an update.
But it's not that simple for all Android users. The Verge reports, "The bug is a slap in the
face to users of older Android devices that have stopped receiving updates."
In the meantime, Bluebox Security has advice for users to help protect themselves: Make
sure the publishers of the apps you download are legitimate, update your devices, and keep
them updated.