Printed from http://www.electronista.com

Six Chinese Android apps with 'master key' exploit found

updated 11:33 pm EDT, Thu July 25, 2013

Flaw quickly exploited by hostile actors, more to come

Security researchers at Symantec have discovered the first utilizations of the "master key" Android vulnerability. At least six applications, distributed on Android marketplaces in China have been discovered with the exploit installed: two doctor's appointment schedulers, a news app, an arcade game, a card game, and a betting aide.

All six of these applications have been modified with added code to allow them to remotely control devices, steal IMEI and phone numbers off the infected device, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands.

Every Android contains a cryptographic signature to ensure to the kernel of the device that an app has not been tampered with. The vulnerability inserts code into an extant app without changing the signature of the app, in essence tricking Android into believing that an app is unchanged from initial installation.

Using this elevated access granted by manufacturer-specific apps, a Trojan-attacked app can then read any information on the device, recall all stored passwords, and "essentially take over the normal functioning of the phone and control any function thereof" including, but not limited to, phone calls, SMS messaging, camera use, and call recording.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

JBL Synchros Reflect in-ear headphones

All headphones are not created equally, especially when it comes to use during vigorous activities or workouts. Over-the-ear headphone ...

Linksys WRT1200AC Wi-Fi Router

Once upon a time, a brand-new Linksys router showed up on our doorstep. So we gathered some network-minded friends together, and hooke ...

Rapoo A300 Mini Bluetooth NFC Speaker

The Rapoo Bluetooth Mini NFC Speaker is a little metallic box about the size of a baseball. In spite of its small size, we were very p ...

Advertisement

toggle

Most Commented

 
toggle

Popular News