An independent group of researchers has identified Bluebox in the Android operating system security vulnerabilities, which can be fully exploiting the gain control of the mobile operating system. The vulnerability affects the way Android allows legitimate applications (those with special cryptographic signature) installed in the system and to ensure the integrity of the application code.
The company Bluebox say that the original system of digital signatures need to be sure that the application being installed is the one of which he says he is, and besides, it has not been modified in transit to the user. However, the system checks the integrity of the bug was found, and the bug has existed since the version Android 1.6, which is almost four years.
Hackers can use this vulnerability to modify the code. Malicious applications exploit the same system function as legitimate. According to experts, this is especially dangerous when modified by the program was originally produced by the product manufacturer and has wide system privileges. In addition, malicious applications get automatic access to privilege escalation, which is managed by the operating system.
“The application can then not only read the data on the device, such as email, SMS or documents, but also to gain access to the passwords of different accounts that are recorded on your smartphone or tablet. An application can also access the normal phone functions, such as short messages, telephone calls, on and off camera. Finally, the most unpleasant – hackers can create a number of always-on device, part of the botnet, “- said in a statement Bluebox.
The company also said that only now publish data about the problem, while Google itself reported this back in February.