Thursday 04 July 2013
For four years now, there is apparently a security hole in Android – and 99 percent of all devices used. Malicious code can be introduced via app update, the smartphone brought completely under control and be controlled remotely. One hurdle for potential attackers: Users
security experts have tracked down a serious bug in Android. Dangerous Trojans can disguise themselves so as trusted Apps, writes “Bluebox Secrurity”. Malicious code may hide themselves accordingly in updates for an installed program, without the user will notice something like this. 99 percent of all Android devices to be vulnerable. Google knew about the gap since February, according to the experts.
The operation is as simple as quick-witted: Usually Android applications are verified by cryptographic key. Fits the key of a software update does not match the code of the installed app, it will be rejected. However, security experts now say that they have found a way to get around this: The key is, the contents of the update is but changing any
. More about
the attacker could tap any data the smartphones As a result, with the help of Trojan, get complete access to the operating system and all installed apps. This includes passwords. In addition, the device could be remotely controlled and so made or received calls without the user, sent text messages, or the camera is turned on.
problem is spreading
Despite all these hazards for potential intruders to spread the appropriate software updates needed – and probably the most difficult part of such an operation. Inject a specially crafted file into Google PlayStore is not possible, it is at “The Verge”. So users have to manually apply the update. Owners of Android smartphones have to be especially careful when they install apps outside of the Play Gate, the experts advise.
The gap has existed for four years, it is said, called for the Android version 1.6, also called “donut”. This means that almost 900 million devices would be affected. The gateway to connect is the responsibility of the hardware manufacturer, who need to update their respective firmware.
Source: n-tv.de‘); display