Security experts of Bluebox claim that they have found a very nasty bug in the operating system Android. According to them, it allows hackers to disguise Trojans under the tested applications by hiding malware in existing programs. This bug still exists in version Android 1.6 Donut and covers 99 percent of the devices.
Most applications are checked by a special cryptographic signatures (keys), so that their change must be rejected if the key does not match your developer. Bluebox but found that there are changes in the way applications without breaking the signature. This allows you to install malicious code, if an attacker finds a way to send the user a modified program.
Using Google Play, however, can not substitute for the application, as Google has updated its platform. But the user can still cheat by setting the desired application or an update by other means, including stores and third-class on which user can easily lure. Among other things, malicious updates can also allow attackers to obtain full access to the system, stealing personal data, and so on.
With all these misunderstandings Android is trying to cope with the latest updates. However, to get around the installation of applications from unknown users of resources – not an easy task. If this is possible, then start worrying owners of older devices should be Android, which have ceased to receive updates.
Expand full information about their research Bluebox is going to the end of this month at a security conference Black Hut in Las Vegas, the magazine writes The Verge.