The Bug That Can Hijack 900 Million Android Devices.

It has been discovered that a “master key” could allow hackers complete access to over 900million mobile phones and tablets that are running Google’s Android software.  Hackers are able to hijack phones through this “bug” and steal data from your phone, listen in to your phone calls and even send junk email and text messages from your device.

Researchers have found that the bug has been present since 2009 and as a result there are 900million devices which are now at risk from being hacked.  The implications of such a hack would be “huge”, according to Jeff Forristal of firm Bluebox, the company that uncovered the blip.

On the firm’s blog he said that the hack could essentially take over a user’s phone and control every function of that phone from that point on.  He confirmed that his company had notified Google back in February about the problem.

The problem is that the bug takes control of the way that Android handles cryptographic verification of the apps that are installed on your phone.  This cryptographic signature is used by an Android device as a way to check that a programme or app is legitimate and makes sure that it has not been tampered with.

However the Bluebox team have found that there is a way to bypass these so-called checks by tricking Android so that any malicious changes to apps go apparently unnoticed.  Therefore an app or programme that is written specifically to exploit the bug can then have access to your phone in exactly the same way as a legitimate app or programme can.

More information about about this problem is to be revealed by Forristal at the Black Hat hacker conference, to be held in August, where they will declare that this bug will have huge implications for companies who allow people to connect their Android phone or tablets to their secure company networks.

Some devices already have a solution to the problem, such as the Samsung Galaxy S4, but the Google Nexus handset surprisingly does not.

Experts at present are stating that there is no evidence that the flaw has been exploited in any way but that Google need to put something in place before anything does happen.

No comments yet.

Leave a Reply