Vulnerability in Android allows you to modify the application

Vulnerability in Android allows you to modify the application

     An independent group of researchers has identified in the Android operating system security vulnerabilities, which can be fully exploiting the gain control of the mobile operating system. The vulnerability affects the way Android allows legitimate applications (those with special cryptographic signature) installed in the system and to ensure the integrity of the application code.

      Bluebox The company said that the original system of digital signatures need to be sure that the application being installed is the one of which he claims to and moreover it has not been modified during the delivery to the user. However, the system checks the integrity of the bug was found, and the bug has existed since the version Android 1.6, which is almost four years. Hackers can use this vulnerability to modify the code to include the backdoors, keyloggers and other malicious filling, leaving a verification signature unchanged. Malicious applications exploit the same system function as legitimate.

     According to experts, this is especially dangerous when modified by the program was originally produced by the product manufacturer and has wide system privileges. In addition, malicious applications get automatic access to privilege escalation, which is managed by the operating system. "application can then not only read the data on the device, such as email, SMS or documents, but also to gain access to the passwords of different accounts that are recorded on your smartphone or tablet.

      An application can also access the normal phone functions, such as short messages, telephone calls, on and off camera. Finally, the most unpleasant - hackers can create a number of always-on device, part of the botnet, "- said reported Bluebox. Bluebox also say that only now publish data about the problem, while Google itself reported this back in February.