Bluebox releases free scanner for Android “master key” bug

Bluebox Security, the mobile security startup that’s “working to save the world from information thievery”, has made a name for itself by finding and revealing the existence of an vulnerability that put 99 percent of all Android users in danger of unknowingly downloading malware.

This so-called “master key” bug allows attackers to modify the code of any app without breaking its cryptographic signature and makes it easy for them to substitute malicious apps with legitimate ones. The magnitude of the risk is big, especially now that proof-of-concept code for its exploitation has been published.

Bluebox has now made available an app called Bluebox Security Scanner that allows users to see whether their device is vulnerable to the bug. Available for download from Google Play, Amazon AppStore for Android and GetJar, the app scans the users’ device and tells them whether their Android installation has already been patched or still sports the vulnerability, whether their system settings allow non-Google Market application installs, and whether they have already installed one or more apps that take advantage of the flaw.


Information Security Buzz