07.08.13

Android Master Key Breach

Android security breaches have become commonplace: the openness of the operating system, together with security updates that arrive too late on a variety of devices from different manufacturers, opens the door to hackers, and malware is created rapidly. But this time it seems that a much more serious breach has been found: the “Master Key”, which makes it possible to install infected Android apps and bypass the defense mechanism of the operating system.

The discovered method lets hackers change the code of any app without breaking the cryptographic signature that verifies it. This means that hackers can publish infected applications in APK files as completely legitimate apps that bypass Android's authentication mechanism.

The security loophole apparently affects all devices running versions 1.6 and higher of the Google operating system, which currently covers 99 percent of users.
The app store seems to be immune to this security hole, because Google is aware of such problems and runs its own tests on each application that comes to the store.

Moreover, it seems Google managed to fix the problem on the Galaxy S4. On the other hand, Galaxy S4 users who are used to downloading third-party applications from sources other than Google Play may be subject to the security hole, for example by getting links to applications via e-mail.

The best recommendation for users who are concerned about the security hole is not to install applications that are not from Google Play. If you are used to installing third-party applications through APK files, do it carefully and only through the official websites of the companies. Do not be tempted to open emails containing such files or to install applications via various hacking websites.