The Bluebox security research team has found a serious security flaw in Android devices. Devices running Android 1.6 (Donut) and later versions contain the flaw. With this vulnerability, a hacker could easily turn apps into Trojans that can control the entire device, with access to all applications, accounts, passwords, data and the network. Most of the sensitive information on the device can be tracked or compromised through this vulnerability. Some Android device manufacturers have fixed it, but many devices are still vulnerable.
Whenever a new update is installed on Android, the device verifies that the new version carries the same signature as the original author's key. The device verifies this cryptographically, but the flaw allowed a hacker to modify APKs without breaking the signature.
Jeff Forristal, Bluebox CTO, said that a hacker can make use of this vulnerability to create such malicious updates. Updates downloaded directly from the Google Play store need not contain such malicious apps, but updates downloaded from other sources may contain malicious apps in which a hacker uses this vulnerability to gain access to the device.
Bluebox already reported the vulnerability to Google in February of this year. Google is now working on it so that it can release a patch for Android devices or fix the vulnerability in upcoming Android versions.
The Samsung Galaxy S4, which was launched recently, does not seem to contain this vulnerability, as the company fixed it when it released the smartphone.
Statistically, this vulnerability could affect more than 900 million devices. A hacker could easily deliver such malicious updates via email or through other sources.
Similarly, Apple's iCloud contained a serious vulnerability that a hacker used to gain access to sensitive data such as passwords and account information.
So, what are your thoughts about Android? Some people choose Android because they can get free apps. We can expect a vulnerability fix from Google, which should be released as soon as possible. Share your thoughts below.