IT security experts from BlueBox Security reported on a very serious vulnerability in Android mobile OS starting with version 1.6. Potential victims are almost 900,000,000 devices. To operate vulnerability, dishonest programmers need to once convince the user to install an infected update from an unreliable source, after which the device will be controlled by attackers. The safety hole makes it possible to change the source code of archival files .APK, while leaving an untouched cryptographic signature that is used to verify the authenticity of applications. BlueBox Security experts report that theoretically hackers can take full control over Android devices, as well as gain access to user data. Google was informed about the problem back in February, however, by this moment, the correction came out for only one smartphone – Samsung Galaxy S4.
Source: BlueBox