This probably isn’t news that you want to hear; Bluebox Security, who specialize in mobile security, have found an Android vulnerability that may have existed in the Android ecosystem since 1.6. Yes, that’s Donut for everyone keeping track.
The vulnerability allows ‘hackers’ the ability to corrupt a genuine Android .apk file without making it look malicious, and if installed on the victim’s phone, can potentially allow the hacker to gain full control over the phone.
In an article by CIO, it claims that the only phone immune to this kind of malicious activity is the Samsung Galaxy S4, and that fixes for Nexus devices are on their way. Bluebox says that this information was passed onto Google via the proper channels as early as February, and as the onus is on the device manufacturers to distribute fixes for these security issues, it’s a bit worrying that only one phone in existence has been made immune from this threat. And as the vulnerability has existed for so long already, it’s likely to remain on some older devices presumably indefinitely.
Scary stuff. What do you make of this Android vulnerability? Let us know what you think below.
