New Vulnerability in Android discovered, which affects Millions of Devices

A new flaw in Android has been discovered. It is being called Fake ID, and it affects all phones running an Android version between 2.1 and 4.4, which means that up to 82.9% of all Android devices are affected.

Your Android device relies on certificates to allow only certain apps to access other apps, or the Android system itself. By exploiting the Fake ID vulnerability, an app can act as if it holds the necessary credentials, which gives it access to all apps and the Android system, and with that the potential to introduce malicious code into the system.

As explained by The Guardian:

“There are “parent certificates” and “child certificates”, which are checked against one another upon installation to ensure they match up and the app is trusted. The parent, usually handed down by the original software creator, effectively proves the child is worthy of being trusted, as part of what is known as the “certificate chain”.

“For instance, any app that contains a parent certificate from Adobe Systems is allowed to launch a webview plugin, which is used to load HTML code in apps, in all other applications.

“So an attacker could create a new certificate that appeared to have been issued by Adobe and merge it with the child certificate of a malicious application. That bad app would then get all the permissions Adobe software would without the user being alerted.”

The scarier part? An application could in the same way get all the privileges of Google Wallet, putting your money at risk.
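To make the flaw concrete, here is an added example (not code from the article, from Android, or from Bluebox): a Go program that builds a trusted parent certificate, an impostor parent that reuses the trusted name with its own key, and a child certificate signed by the impostor. A chain check that only compares the child's issuer name with the parent's subject name accepts the impostor chain, while verifying the child's signature against the trusted parent's key rejects it. All certificate names are constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// makeCert issues a certificate for subject: a self-signed CA when parent is nil, otherwise signed by parent/parentKey.
func makeCert(subject string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: subject}, IsCA: parent == nil,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
	}
	if parent == nil { parent, parentKey = tmpl, key } // self-signed: the template signs itself
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert, key
}

// nameOnlyChainCheck mirrors the flawed logic: the child passes when its issuer name matches the trusted parent's subject; no signature is verified.
func nameOnlyChainCheck(child, trustedParent *x509.Certificate) bool {
	return child.Issuer.String() == trustedParent.Subject.String()
}

// signatureChainCheck is the correct check: the child's signature must verify under the trusted parent's public key.
func signatureChainCheck(child, trustedParent *x509.Certificate) bool {
	return child.CheckSignatureFrom(trustedParent) == nil
}

// FakeIDScenario: an impostor CA reuses the trusted CA's name with a different key and signs a child with it.
func FakeIDScenario() (nameOnlyAccepts, signatureAccepts bool) {
	trusted, _ := makeCert("Trusted Vendor CA", nil, nil)    // the genuine parent certificate (constructed name)
	fake, fakeKey := makeCert("Trusted Vendor CA", nil, nil) // same name, unrelated key
	child, _ := makeCert("example.app", fake, fakeKey)       // child signed by the impostor
	return nameOnlyChainCheck(child, trusted), signatureChainCheck(child, trusted)
}

func main() {
	flawed, fixed := FakeIDScenario()
	println("name-only check accepts impostor chain:", flawed, "signature check accepts it:", fixed)
}
```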

The vulnerability was discovered by Bluebox Labs and is said to be patched in Android KitKat. It is scary to see that such a bug has existed in Android for so long. The fact of the matter is that 82.9% of Android users still aren’t on KitKat and are therefore vulnerable. What do you think of Fake ID?
