Check if your Android is vulnerable to 'Master Key' malware with this app

A couple of days after disclosing a serious vulnerability in Android’s security model, the researchers at Bluebox Security have released an Android application that lets users check whether their device is vulnerable to the flaw or protected from it.

The app, Bluebox Security Scanner, is now available as a free download on the Google Play store. Once installed, it scans the device to determine whether the system has been patched against the vulnerability, which was found to affect most Android devices. The app also checks whether the system settings on the device allow installation of applications from outside the Google market, and looks for any installed apps that attempt to exploit the flaw.
Screenshots of the BlueBox Security Scanner app

For those not in the know, a few days ago the researchers at Bluebox Security disclosed a gaping hole in Android’s security model that could be exploited by attackers to turn a genuine app into a malicious Trojan. Google was reported to have provided a patch for the flaw. The company's Android Communications Manager, Gina Scigliano, told ZDNet that “a patch has been provided to our partners - some OEMs, like Samsung, are already shipping the fix to the Android devices.”

Jeff Forristal, Bluebox CTO, revealed that the flaw in Android’s security model has existed at least since the release of Android 1.6. He added that it is likely to affect any Android phone released in the last four years, or nearly 900 million devices. Depending on what the attacker wants to accomplish, the flaw can be exploited for anything from data theft to turning the device into part of a mobile botnet.

Once a malicious version of an app from the device manufacturer is installed, it can gain access to the Android system, to other applications and to their data. It can then read a user’s emails, SMS messages and documents, and harvest all stored account and service passwords. In short, the malicious app can take over the normal functioning of the phone and control any of its functions: make arbitrary phone calls, send arbitrary SMS messages, turn on the camera and record calls.

How secure are you?

The malicious app can also create a mobile botnet. The flaw lies in how Android cryptographically verifies and installs apps: it allows the code inside an APK to be modified without breaking the package’s cryptographic signature. Explaining this, Forristal says that all apps in the Play Store carry cryptographic signatures, which Android uses to determine whether a given app is legitimate and to ensure that it hasn’t been tampered with or modified. Because of this vulnerability, it is possible to change an application’s code without affecting its cryptographic signature in any way. Simply put, the malware “tricks” Android into believing that the app hasn’t been modified, even though it has.
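The published 'Master Key' bug came down to an APK (which is an ordinary ZIP archive) listing the same file name twice: the signature verifier checked one copy while the installer extracted the other. The script below is an added illustration of the defensive check, not code from Bluebox or from the article. It parses the ZIP central directory by hand, so it sees every listed entry, and rejects any archive that names a file more than once; it also shows how a lenient reader (Python's own zipfile module) silently returns just one of the two copies. The sample archives, their entry names and contents are constructed in memory for the demonstration.

```python
"""Scan an APK (a ZIP archive) for duplicate entry names.

Constructed example: the sample archives are built in memory with
Python's zipfile module; their names and contents are made up.
"""
import io
import struct
import warnings
import zipfile

EOCD_SIG = 0x06054b50   # end-of-central-directory record signature
CDFH_SIG = 0x02014b50   # central directory file header signature


def central_directory_names(data: bytes) -> list:
    """Return every entry name in the central directory, in on-disk order.

    Parsed by hand rather than via zipfile so the scanner sees exactly what
    is stored, including repeated names a lenient reader would collapse.
    """
    # EOCD is 22 bytes plus an optional comment of at most 65535 bytes.
    tail = data[-(22 + 0xFFFF):]
    eocd_pos = tail.rfind(struct.pack('<I', EOCD_SIG))
    if eocd_pos < 0:
        raise ValueError("no end-of-central-directory record")
    eocd_pos += len(data) - len(tail)
    # Offset 10: total entries (u16), central dir size (u32), its offset (u32).
    total_entries, _cd_size, cd_offset = struct.unpack_from('<HII', data, eocd_pos + 10)

    names = []
    pos = cd_offset
    for _ in range(total_entries):
        if struct.unpack_from('<I', data, pos)[0] != CDFH_SIG:
            raise ValueError("malformed central directory at offset %d" % pos)
        # Offset 28: name length, extra length, comment length (all u16).
        name_len, extra_len, comment_len = struct.unpack_from('<HHH', data, pos + 28)
        names.append(data[pos + 46:pos + 46 + name_len].decode('utf-8', 'replace'))
        pos += 46 + name_len + extra_len + comment_len   # fixed header is 46 bytes
    return names


def find_duplicate_entries(data: bytes) -> dict:
    """Map each entry name that appears more than once to its count.

    A legitimate build never emits the same path twice, so any repeat is a
    reason to reject the archive outright rather than guess which copy the
    verifier hashed and which copy the installer would extract.
    """
    counts = {}
    for name in central_directory_names(data):
        counts[name] = counts.get(name, 0) + 1
    return {n: c for n, c in counts.items() if c > 1}


def lenient_reader_view(data: bytes, name: str):
    """What a lenient reader reports: how many copies it lists vs. the single
    copy it hands back (zipfile keeps the last one for a repeated name)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        listed = sum(1 for info in zf.infolist() if info.filename == name)
        return listed, zf.read(name)


def build_archive(entries) -> bytes:
    """Build a ZIP in memory from (name, bytes) pairs; duplicates are kept."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter('ignore')   # zipfile warns about duplicate names
        with zipfile.ZipFile(buf, 'w', zipfile.ZIP_DEFLATED) as zf:
            for name, content in entries:
                zf.writestr(name, content)
    return buf.getvalue()


def sample_clean() -> bytes:
    """Constructed archive with one copy of each entry."""
    return build_archive([
        ('AndroidManifest.xml', b'<manifest/>'),
        ('classes.dex', b'dex\n035\x00 original code'),
        ('META-INF/MANIFEST.MF', b'Manifest-Version: 1.0\n'),
    ])


def sample_suspicious() -> bytes:
    """Constructed archive that lists classes.dex twice."""
    return build_archive([
        ('AndroidManifest.xml', b'<manifest/>'),
        ('classes.dex', b'dex\n035\x00 original code'),
        ('classes.dex', b'dex\n035\x00 altered code'),
        ('META-INF/MANIFEST.MF', b'Manifest-Version: 1.0\n'),
    ])


if __name__ == '__main__':
    for label, apk in (('clean', sample_clean()), ('suspicious', sample_suspicious())):
        dupes = find_duplicate_entries(apk)
        print(label, 'OK' if not dupes else 'REJECT, duplicate entries: %s' % dupes)
```

The point of `lenient_reader_view` is that two readers can legitimately disagree about a malformed archive: zipfile lists both `classes.dex` entries but returns only the second one. A scanner therefore should not ask "which copy is the real one" but treat any repeated name as grounds for rejection, which is what `find_duplicate_entries` does.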

The Bluebox Security Scanner app is currently at v1.2 and works on Android devices running v2.3.3 and above. Users should note that the app currently cannot scan unreadable, copy-protected apps, which were reported as "trying to evade the scanner"; instead, the app only shows how many such apps were skipped during the scan.
