Android Security Hole Could Affect 900 Million Devices


This bit of news probably sounds scarier than it actually is. According to Bluebox Security CTO Jeff Forristal, there is an APK code loophole that allows malware to be loaded undetected under the guise of an authentic app. The issue apparently dates back to the Android 1.6 (Donut) firmware and, according to Forristal, could affect 900 million devices. If abused by hackers, the exploit could mine data from messages, emails, stored passwords and other sorts of data, to the point of hijacking devices to create a mobile botnet.

While this all sounds so scary, the fact that the exploit has been around for four years and nothing major has happened with Android devices so far may mean this exploit is being made out to be a bigger issue than it actually is, or maybe not. Our Android devices could all be slaves in a great botnet that we are not aware of. Forristal will reveal more details publicly at the 2013 Black Hat security convention later this year. In the meantime, you will probably want to steer away from downloading all the apps you can find on Google Play (hooray for an open market, eh?). Actually, with or without the exploit, you should be careful with the apps you download.


  • StriderVM

    This has already happened, and is sort of widespread, if you don’t use Google Play when downloading apps. Malicious people will put extra programs on legitimate programs (say, put another on a real Temple Run game). So usually they won’t get past a typical Google Play download. It’s a fair warning on third party download sites though.