A vulnerability that could affect 99 percent of the world’s Android-powered phones and tablets has been unearthed within the Google-owned platform.
Since more than 900 million Android devices have been activated, we’re filing this in the ‘major vulnerability’ folder.
Bluebox Security says it found ‘the Android master key’ which could allow a hacker to turn virtually any Android app into a malicious “zombie”. In other words, malware could allow hackers to remotely capture data and control functions on a device — such as calls and messages — all without raising the attention of the phone owner, Google or the app developer.
In a post on the BlueBox Security blog, CTO Jeff Forristal explains that the vulnerability dates back to Android 1.6 (aka its four-year-old Donut build). Forristal revealed the company found a method by which a hacker could modify an app’s APK code without breaking the cryptographic signature used to authenticate it.