[News] Google Releases Patch to OEM for Serious Android Security Loophole

Major Android security vulnerability was discovered by Bluebox labs, the research team of Bluebox that a master key hole can turn any application into a Torjan malware and take over 99% of the Android smartphones for the past 4 years. On July 10th, Google had already release the patch to OEM to shop to customer.

It is said that this significant flaw had been around since Android 1.6 (Android 1.6 Donut). It may impact any Android phone for the past four years; in other words, 900 million devices could be affected.

According to Gina Scigliano, Google’s Android communications manager, “A patch has been provided to our partners—some OEMs, like Samsung, are already shipping the fix to the Android devices.” However,  in order to update the security system, current Android users have to turn to their hardware vendors for updates.

In order to assure that the software has not been modified by a third-party, each program contains cryptographic signature of authentic Android application. However, such security loophole allows hackers to enable the malicious code under the condition of not affecting the cryptographic signature. In consequence, any Android developer who takes the advantage of such loophole can access to use’s phone like a legit regular app.

Nevertheless, Android users shouldn’t be worried too much. Scigliano also said that “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools,” “Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”

More about Android security: Most Androids Vulnerable Due to Outdated Firmware

Advertisements

답글 남기기

아래 항목을 채우거나 오른쪽 아이콘 중 하나를 클릭하여 로그 인 하세요:

WordPress.com 로고

WordPress.com의 계정을 사용하여 댓글을 남깁니다. 로그아웃 / 변경 )

Twitter 사진

Twitter의 계정을 사용하여 댓글을 남깁니다. 로그아웃 / 변경 )

Facebook 사진

Facebook의 계정을 사용하여 댓글을 남깁니다. 로그아웃 / 변경 )

Google+ photo

Google+의 계정을 사용하여 댓글을 남깁니다. 로그아웃 / 변경 )

%s에 연결하는 중