Google’s Android is one of the most famous mobile operating system ever in the history of Smartphones. Recently Google has announced that Android has reached to 900 M activation in this year which is just double from the last year’s figures that was 400M. Google play allows the users to easily submit their developed android apps with a developer’s account. It is really shocking news that a security and research firm has announced that they have discovered a loophole or we can say “master key” in the Android’s security model. It leads the attackers to hack the android app and convert into a malicious Trojan.
Bluebox security has announced the flaw in a mobile OS android security that can affect millions of the android devices. By simply modifying the APK code any hacker can convert an app into a malicious Trojan. Here one point should be noticed that hackers can do that without breaking or modifying app’s cryptographic signature.
First we have to look at the android application verification and installation process to understand the seriousness of the issue. Normally most of the android apps installed on OS by a helper process as an Android Package file known as APK. Here cryptographic signature plays an important role that ensures the similarity between installed code and developer’s code. The lack of compatibilities in the android system offers the attackers to modify the application code without breaking the cryptographic signature.
This flaw leads to a serious possibility of attack on the application developed by the device makers themselves. Trojan app installation will grant the app full access of the android system for a particular device. The installed app can retrieve all the data stored in the device in the form of emails, documents and SMS. In other words it can overtake the device controls and normal functioning of the phone. This is a major security concern with android system where device’s data and other information can easily attacked by the hackers.
Author : M Pundits