[aklug] Android Master Key Vulnerability

From: Lee Brumbaugh <lbrumbaugh@gmail.com>
Date: Fri Jul 19 2013 - 14:13:19 AKDT

Guys and Gals,

Think of this as a PSA more than anything else, and if you don't use any
Android device, then feel free to delete this message. If this was already
posted, then ignore my feeble warnings.

In case any Android users out there haven't seen this yet, it's a big one:
http://www.informationweek.co.uk/security/vulnerabilities/hack-99-of-android-devices-big-vulnerabi/240158013

What it boils down to is that some security researchers found a
vulnerability in Android's signing check going all the way back to Android
1.6 to the nearly latest and greatest Android 4.1.x. What this means is
that any malicious app using this can basically do whatever they want on
your device without you being aware of it, from stealing your info to
posting on your social media.

They also just found 2 apps on Google Play that are using this
vulnerability; probably benignly, but it means that Google isn't
necessarily checking for this. You can see that here:
http://www.informationweek.com/security/client/google-play-has-apps-abusing-master-key/240158446

That last article also lists that Webroot and Bitdefender antivirus apps
are now blocking/defending against this, so I highly recommend that all
Android users install one of the two.

*Lee Brumbaugh*

Received on Fri Jul 19 14:14:14 2013
