There has been a new security vulnerability discovered for Android devices that could very well affect 99% of the android user base worldwide. It has the ability to sneak into your system and pretty much turn it into a zombified drone.
What was discovered was an ‘Android Master Key’ which could let a hacker capture your data as well as give them the ability to control your device from afar. The scary part? The device owner will never even know it’s happening. Even more astonishing is the fact that this vulnerability is said to have been in existence for nearly 4 years, since Android 1.6 Donut.
While this security breach doesn’t infect your device directly, it does allow the hacker to load any app with malware while still making it seem to be a legitimate file. This is an important point because any verified apps on your device are granted full access as a default by Android’s system. This means automatic updates are performed. Once you install a tampered-with app to your device and it gains that level of access, it can easily be “updated” with malware automatically.
It was reported, by researchers at Bluebox Labs who discovered this Android vulnerability, that this issue had been resolved for the Galaxy S4 but Android versions ranging from 1.6 to 4.2 still have this security hole.
There are some positive aspects to this story. Apps on Google Play are not affected by this. So that is one obstacle that hackers will face. The only way someone could fall prey to this new Android security breach is to download applications from third party sites. You do need to be cautious of third party app sites as well as downloading Android Application Packages directly from the web. The risk here is that you could be loading an app that has been tampered with onto your device, giving free reign to a hacker who could then send out any amount of Android Trojans.
While Bluebox has taken steps to let Google know about this, it doesn’t appear that Google is doing much about the security issue. It looks like it is being left to the manufacturers of the devices to take care of this, such as Samsung who have created a patch for Galaxy S4. It is said that Google’s Nexus 4 is also in the process of creating a fix for this.
The best way to protect yourself from this new Android vulnerability is to stick with downloading through the Google Play Store which is not vulnerable to this new threat. They have already taken steps in updating their security so that this problem cannot be taken advantage of by hackers.
It’s third party app stores and side loading apps that are the real risk here. So steer clear of those pirated apps and untrusted sources. Keep in mind that many of these security threats are not loaded automatically. They usually require approval by the user, meaning you have to download the app first.
If you’re being careful about the things you install on your device you lessen the risk. If an unexpected update prompt appears on your device, don’t just press yes without knowing what exactly is being updated and by whom. With a bit of vigilance and common sense, you can keep your devices much safer and avoid these security threats altogether.
Tom Davis is a technical contributor at TechWombat. He enjoys writing on IT, open source, electronics, and other geeky arcana. Tom’s always happy to reply to comments and corrections, so be nice and send him your thoughts at tomdavis@techwombat.com or in the comment section below.
