A ‘master key’ has been reportedly discovered by a security research firm which could potentially give cyberattackers access to almost every Android phone.
According to BBC, security research firm BlueBox has discovered the loophole which is present in every version of the Android operating system released since 2009.
The bug emerges as a result of the way Android handles cryptographic verification of the programs installed on the phone
The report said that Android uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with.
Jeff ForristalBlueBox and his colleagues have found a method of tricking the way Android checks these signatures so that malicious changes to the apps go unnoticed.
Forristal said that the implications of this discovery could be ‘huge’ as it can take over the normal functioning of the phone and control any function thereof.
Security expert Dan Wallach said that in order to catch Android users, malicious hackers would have to get their booby-trapped version of a legitimate application on to the Google Play store.
According to the report, BlueBox had reported finding the bug to Google in February.
Google denied commenting on BlueBox discovery, the report added.
Via: TOI
Image Credit: AndroidTwit
The internet user base in India is set to surpass 900 million by 2025, driven…
Varaha, an Indian company developing carbon removal projects in Asia, has sold 100,000 carbon dioxide…
Ever wondered what happens when quantum computing takes a giant leap forward? Google’s latest quantum…
Does AI need to be reined in? Will putting regulations on AI curb the progress…
By definition of the Merriam-Webster dictionary, ‘technology’ means ‘the practical application of knowledge especially in…
This is the second-last edition of this year's "Tech, What the Heck!?" newsletter. To commemorate…
