跳到主要內容

uncovering Android Master Key affects almost all android device

Security research team BlueBox has discovered a bug in Google’s Android operating system which could make 99 percent of all devices vulnerable to a frightening attack. A vulnerability in the OS could theoretically allow attackers to take control of an otherwise legitimate app. From here the attacker could steal information or control the device itself.
According to BlueBox CTO Jeff Forristal, this vulnerability has been present in Android for the last four years and could affect as many as 900 million devices around the world. BlueBox alerted Google about this vulnerability in February and will explain how the bug affects Android later this month at the Black Hat USA Security Conference in Las Vegas, Nevada.
“The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature,” writes Forristal on the BlueBox corporate blog.
“All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn’t been tampered with or modified. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.”

Bluebox's corporate blog and how to scan for the vulnerability

Read also comments from others:

blackhat 2013 conference

David Meyer's blog

bug explained and patch from Google


ZDNet 's truth about latest Google security scare

Symantec on this bug and situation in China

留言

這個網誌中的熱門文章

越南香草

Ngo ~ "N-gaw" Mui ~ "Moo-ee" Ngo ~ "N-gaw" Mui ~ "Moo-ee" Ngo ~ "N-gaw" Mui ~ "Moo-ee" Ngo (N-gaw) ,  Mui  (Moo-ee )  Cilantro Ngo Gai (N-gaw guy), Mui Tau (Moo-ee Tao), Ngo Tau (N-gaw Tao)   Mexican Coriander,  Sawtooth Coriander, Culantro    娥女帝(拼音), 刺芹   特徵:娥女帝是短株形的植物,氣味清淡,葉邊呈鋸齒形,十分容易辨認。來源地:越南。 功效:和白夏差不多,娥女帝亦有祛濕、解毒及驅風的療效。建議食法: Pho,  (Bánh Xeò) 越南煎餅, 炒菜,湯,咖哩 Ngo Gai ~ "N-gaw guy" Mui Tau ~ "Moo-ee Tao" Ngo Tau ~ "N-gaw Tao" - See more at: http://vietworldkitchen.typepad.com/blog/vietnamese-herb-primer.html#sthash.I9rzkzwI.dpuf Rau Ram (Rau Rahm) Vietnam Coriander, Laksa Leaf, "Vietnamese mint(actually not a mint)" Peppery, quite spicy. In salad Hung (Hoong), , Hung Lang (Hoong Lang) Spearmint.  Vietnamese coriander Hung Lui (Hoong Lou-ee), Hung Diu(Hoong Zee-ew) round mint used in salad Hung Cay (Hoong Kay) Mint Rau Que, Hung Que (H...

沖田博文 Hirofumi Okita 60cm F3.25 dobsonian telescope

  the making mirror from Mike Lockwood webpage   youtube uwakina bokura other ATMers in Japan blueforest anettai  

劣質洗衣機入水喉

上面白色是最易找到,$2x. 但漏水. 灰色, $4x, 是假冒 "MADE IN ITALY"  假冒 "MADE IN ITALY"  的標緻  左面是白色膠喉的喉頭, 右面是灰色膠喉的喉頭, 上圖左面是真正 好貨 ( MADE IN ITALY )灰色膠蓋.右面是冒牌 白色膠蓋. 膠蓋在安裝扭緊時爆開  上圖左面是真正 好貨 , 標了其他規格.右面是冒牌, 單單印了 MADE IN ITALY  好貨的膠蓋是可以下移, 露出喉頭及黑色軟膠墊 黑色軟膠墊是有坑紋. 質感較柔軟. 緊後可以"迫實"水龍頭 及喉蓋, 沒有滲漏 正板 MADE IN ITALY 賣 $4x, 價錢絕對合理. 冒牌貨在旺角新填地街買的, 也是$4x. 真是要小心!!! NB: MADE IN ITALY 是否真正 意大利制造實在無從考 証