
Google fixes "Master Key" Exploit

If you own an Android device, you have most likely heard about the security exploit discovered last week by Bluebox Security that affects almost all Android users. Samsung has already issued a fix for its Galaxy S4 device, but that is one device among the countless number out there, and the exploit is capable of affecting versions of Android from 1.6 to 4.2.2. Thankfully, Google has stepped up to the plate and plugged the security hole, and now it’s in the hands of the OEMs and carriers to roll it out to customers.


The basic premise of the exploit is that someone could maliciously repackage a signed application with malware and it wouldn’t be caught, because the app’s cryptographic signature would still verify as if nothing had changed. So, for all intents and purposes, the app would look legit from the outside but be packed with malicious code within. However, the advice for keeping it off your phone is relatively simple: don’t sideload software from outside the Google Play Store. While apps may still be able to be compromised maliciously even in the Play Store, it is not possible to take advantage of the exploit through the official App Store.

However, Google has confirmed that it has patched the exploit and distributed the code to the manufacturers. Now, it’s in the hands of the corresponding companies, such as HTC and Samsung, to roll out the security update to the carriers. Just how long this will take and whether it will cover each and every device out there is still questionable. If the past is any indication, I wouldn’t be holding my breath while I wait.

In cases like this that involve huge security flaws, should OEMs be able to bypass the carriers and do a rollout themselves? 

Via: Mobile Syrup Source: ZDNet

1 Comment


  • The only app I've installed that isn't from Google Play Store is AdBlock Plus. I'm just wondering if an anti-virus app would catch malware from this exploit? I have Avast installed, which scans apps as they install.
