Android Exploit

[klikster]

"The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years1 – or nearly 900 million devices2– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet." .. http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

[BB1950]

Android devices have always had security flaws (all OSs do). In the early days, Android devices weren't exploited much. Now there are lots of Android devices, so exploits are happening more frequently.

Unfortunately, with older Android devices, there are no firmware patches offered. 'Rooting' does make the device more vulnerable because parts of the kernal can me modified or hacked. Newer devices can receive firmware updates.

So as a rule of thumb:

1. Don't leave mobile data communication services enabled (such as GSM/GPRS/3G/4G/Wi-Fi/GPS, ect...). Disable them when you aren't using them. It will also save you money and you'll get longer battery life.
2. Don't keep sensitive data on the device. If you do, keep it in some kind of 'encrypted data vault' that uses 'strong encrytion' with a 'strong password'. There are many free apps that do this.
3. Avoid using 'rooted' firmware (although some apps such as 'backup apps' require 'rooted' firmware). Disable 'rooting' if you can. Many newer devices can't be 'rooted'.
4. Install a good frequently updated, well trusted, anti-virus app to scan installed apps and apps during installation. There are many good 'free' ones such as Lookout, AVG, Avast, Norton, Fast Scan, Avira, Zoner, etc...
5. Practice safe browsing techniques. The same as you would on any other PC device.