Threat of the month: Android master key vulnerability

Share this article:
Threat of the month: Android master key vulnerability
Threat of the month: Android master key vulnerability

What is it?

The Android master key vulnerability can be used to bypass signature verification to gain full system-level access to a device. 

How does it work?

The class of vulnerabilities allow attackers to take a legitimate app, change the contents of that app, and republish it on third-party marketplaces without changing the signature of the original application produced by the original vendor.

Should I be worried?

If you do not use third-party marketplaces, there is little need for concern. Google claims to be scanning for the vulnerability in apps from its Google Play store. However, if you use third-party marketplaces, then there is cause for concern. 

How can I prevent it?

Do not download apps from third-party marketplaces. Only install apps from Google Play. Additionally, as soon as your mobile device provider pushes an over-the-air update, install the update. The patch for the master key flaw has not yet been pushed out to any devices, as of the time of this writing [Aug. 7].

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Threat of the Month

Sign up to our newsletters

TOP COMMENTS