POC exploit for Android Signature Vulnerability Released in the Wild


Earlier this month Bluebox Security discovered a critical security issue with the Android OS. Researchers at the firm had found out that the mobile OS allows attackers to modify APK files without altering the cryptographic signature. The issue affects Android releases from version 1.6 and any other Android device released over the past 4 years. A Github user, Poliva, demonstrates the possibility of achieving this.

Although there hasn’t been any evidence of exploitation in Google Play and other Android market stores, Google has cautioned Android users on the installation of applications from 3rd party Android app stores. Android OEMs have been receiving patches from Google since March, the deployment of these fixes however depends on the OEMs who make them available to end users.

Previous articleNokia announces the Lumia 1020, see specs
Next articleOrange goes cross-border in mobile-to-mobile money transfers in West Africa
Bringing you news on information systems, business intelligence and IT innovations. Contact me on @aKhadiemik and c [dot] agengo [at] techweez [dot] com