Millions could be at risk due to Android’s “fake ID” flaw
M

Bluebox Security, the same outfit that last year identified a worrisome (but thankfully patched) flaw in the Android app-packaging system, has done it again. On Tuesday, the company said it had found a new Android vulnerability that potentially allows the stealthy theft of information from millions of devices. Those with old Android handsets that no longer receive firmware updates are particularly at risk. However, as with the last time round, Android fans should check the details before freaking out โ€“ theyโ€™re probably not going to get hurt if they only install apps through the Play Store.

Millions of people using Android devices could be left open to attack from malicious apps that appear to come from legitimate developers, due to a flaw in Google’s mobile software. The flaw has been named “Fake ID” by security company Bluebox Labs, which discovered it. However, Google says it has already issued a patch to protect Android users from attacks exploiting the flaw. Fake ID has been resident in Android from version 2.1 to 4.4, although it was fixed in April as part of the latest update, Android KitKat. Millions of devices could still be at risk, though, as Google’s own figures show that82.1% of Android users are running an older version. In a blog post published today, Bluebox explained that the problem lies in how app security is checked on Android, with each app given its own cryptographic signature determining who can update it, and what privileges it has on a device. To get these signatures, apps are signed using โ€œidentity certificatesโ€, which go along a chain of trusted parties, supposedly to guarantee the right people are in control of the software.

NOTE: TECHi Two-Takes are the stories we have chosen from the web along with little bit of our opinion in a paragraph. Please check the original story in the Source Button below.

Interested in TECHi Feed RSS?

Get the latest insights, tips, and updates on revolutionizing your workspace to your inbox.

Popular This Week