Bluebox Labs:Hackers can modify APK code of all Android devices
A reputable mobile security company Bluebox security, has released a jaw dropping research that will send shockwaves to all Android fanatics. The security company recently discovered loopholes in Android’s security model that gives the hacker access to alter and modify APK code without dismantling application’s cryptographic signature. That would effectively turn any legitimate application into a malicious Trojan where the app store or phone user wouldn’t notice. According to the research details that I have gone through, only less than 10% of all Android devices are not vulnerable to hacking and cannot be controlled remotely by cyber criminals. The team claims it discovered a flaw in the operating system of almost all Google phones and tablets that allows hackers to modify its code in a way that modifies any legitimate application into a malicious Trojan virus.
Bluebox Security emphasizes that vulnerability exists on any Android tablets or phone released since early 2010, that affects roughly 900 million devices. According to the company, the issue is central to Google’s open source operating system and so far only one device has been patched. While I was reading the study, cyber crooks have to wait for genuine apps to be approved for sale and then go on full swing and modify the code after and create an “exploit” that allows them to take over people’s phones via the app. In effect, that would allow hackers to access users passwords, debit and credit card information, electronic mails and any data a phone user stores in the phone. The researchers also claim that depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet. Bluebox has advised that users update their operating system to the latest version. My advice is that as user, you should delete any app that store your personal information such as credit card or PayPal information immediately after reading this. You better get rid of it before its too late. Better safe than be sorry. Read more on BlueBox security.