99% of Android devices can be completely 'taken over' through a massive vulnerability hole
Mobile security start-up, Bluebox, has released a statement on their blog that they have discovered a vulnerability in Android's security model, allowing hackers to slip malicious code into Android devices unnoticed by your phone's built-in defensive mechanism.
The scope of this vulnerability? 99%, or about 900 million Android devices. Nope, no typo there, according to the company, which first notified Google of the threat in February this year. Apparently, the vulnerability goes back all the way to Android 1.6 “Donut”, or any Android device released in the last 4 years.
Spooky, but in a typical horror movie fashion, we want to know more:
A screenshot by Bluebox demonstrates complete control over the OS
To put this into perspective, the statement claims, apart from the usual Trojan mischief (think SMS tolls), a malicious app taking massive advantage of the hole:
How serious can this get? We don't know, but it's comforting to know that Google is aware of the issue and has already updated their Google Play approval process, blocking out apps with this problem.
1. chunk1x (Posts: 248; Member since: 25 Jun 2011)
For android fans, they called this problem a YOLO.
10. SuperAndroidEvo (Posts: 4433; Member since: 15 Apr 2011)
There is NOTHING that is hack proof. The US Government can be hacked, Verizon, AT&T, Android, Apple & anything under the sun.
I always find these articles just so pointless.
Just so we know boys & girls.... if you are on the web or if you own a computer or smartphone there is a HUGE vulnerability hole to everything. That includes all the goverments of the world.
It's like every week the same article is written but with different titles. lol
13. chunk1x (Posts: 248; Member since: 25 Jun 2011)
The problem with hardcore fans of all sides is that take a silly joke way to seriously.
16. alterecho (Posts: 1091; Member since: 23 Feb 2012)
Wonder what some replys would have been if it were Apple that was affected.
17. chunk1x (Posts: 248; Member since: 25 Jun 2011)
In that iOS camp, denial and end of the world state of mind for iFans. Then followed by angry mob with pitch forks and torches to the unlucky prankster.
26. Jobayer (Posts: 153; Member since: 22 Feb 2013)
Dude, if u find them pointless, dont read them . Yes nothing is hack proof .But the problem is there for 4 yrs !!!
39. SuperAndroidEvo (Posts: 4433; Member since: 15 Apr 2011)
The reason why I find these articles pointless is because they are CLEARLY stating the obvious. It's like saying humans die if they don't breathe air.
We all know that anything computer related can be hacked yet we consistently keep reading the same article with just a different title.
Tell us something we don't know.
Also buddy please get a clue. lol
2. RaKithAPeiRiZ (Posts: 1385; Member since: 29 Dec 2011)
app data and payment records? ..if they hack mine ,all they will find is a phone full of pirated apps
4. grahaman27 (Posts: 349; Member since: 05 Apr 2013)
Pirated apps is where malicious code can come from.
12. SuperAndroidEvo (Posts: 4433; Member since: 15 Apr 2011)
Yeah that phone of his is the dirtiest virus/malware phone on Earth. I hope he at least practices safe sex. lol
8. SonyXperiaNexus (Posts: 374; Member since: 01 Oct 2012)
lol, but they can still get your passwords, record your phonecalls, read and send sms and use the camera to see what ur doing, pretty scary if u ask me
18. feres13 (Posts: 306; Member since: 23 Dec 2011)
I hope that by "pirated apps" you mean apps that aren't from the Play store, not paid apps from the Play store that you got for free
28. Shatter (Posts: 2031; Member since: 29 May 2013)
By pirated he means he downloaded paid apps for free.
3. grahaman27 (Posts: 349; Member since: 05 Apr 2013)
As of right now there is no reason to fear getting malware on your phone if you use your phone like 99% of people do.
6. RaKithAPeiRiZ (Posts: 1385; Member since: 29 Dec 2011)
there is nothing to worry because the NSA's already taking care of it
7. boosook (Posts: 1091; Member since: 19 Nov 2012)
Come on... this happens only if you install malicious apps downloaded from outside the market, so it will affect only a minority of users which implicitly accept the risk. That's not 99% of Android users.
Anyway I agree that this is a nasty bug.
9. SonyXperiaNexus (Posts: 374; Member since: 01 Oct 2012)
11. Samsomesh (Posts: 180; Member since: 11 Jun 2012)
Google should introduce it's own antivirus that will have access to all the system..:
14. medicci37 (Posts: 716; Member since: 19 Nov 2011)
Every time I play wwf last 2 days a very annoying add 4 a new movie keeps playing. & sometimes when I'm not. Anyone know how 2 stop this?
15. darkkjedii (Posts: 12654; Member since: 05 Feb 2011)
Android fanboys call this innovation. Android users realize this is an issue.
22. grahaman27 (Posts: 349; Member since: 05 Apr 2013)
Its not an issue, its an exploit. to say its an issue is like someone saying that being able to jailbreak an iphone is an issue.
this is not a virus, this is one exploit. iOS can have the same problem just an FYI.
36. blingblingthing (Posts: 459; Member since: 23 Oct 2012)
It isn't an issue for any tech savvy person, stick to legit sources and stay safe.
19. ama3654 (Posts: 249; Member since: 27 Nov 2012)
You forgot to mention Galaxy S4 is immune to it.
"Bluebox claims that it notified Google of the exploit in February. According to CIO, Bluebox CTO Jeff Forristal has named the Galaxy S 4 as the only device that's currently immune to the exploit "
21. FISTFLY (Posts: 27; Member since: 03 Jul 2013)
Does it mention why only Galaxy 4?? Just curious
32. tedkord (Posts: 5278; Member since: 17 Jun 2009)
Its a known issue. Samsung patched it prior to release.
23. Kjayhawk (Posts: 291; Member since: 07 Oct 2010)
This MASSIVE vulnerability is just the security companies trying to scare you. It can't be found on the play store only through apps that you download from a third party source. Which google tells you specifically that downloading from third party stores can greatly increase your chance of malware. No News here
24. TBomb (Posts: 176; Member since: 28 Dec 2012)
These numbers could also be "accurate" but misleading.
27. clevername (Posts: 1431; Member since: 11 Jul 2008)
Idk why people don't wanna see what's written. Stop thinking this is only for apps downloaded outside of the play store. The article said google has updated their play approval process to block these apps. Which means the problem IS with apps in the play store. The big problem is what about the apps already in the play store that don't have to go through googles new approval process. So regardless of where a user gets their app from or how they use the phone they are vulnerable.
just the risk of an open os. Its up to the user to decode if its worth it.
30. Kjayhawk (Posts: 291; Member since: 07 Oct 2010)
No, Google play services removed blocked the exploits and heres my favorite part the exploit was found by a SECURITY SERVICE it is not being used by any hackers, there is no app that you can download on the google play store that has this defect (Theres malware on the play store just not this one). Unknown till now, as far as were concerned ZERO DEVICES are being harmed from this.
If anything you should be glad this was found by a security company rather than a group of hackers.
As for downloading apps from a third party source you have been warned by google to be careful when downloading apps.
31. Chris.P (Posts: 309; Member since: 27 Jun 2013)
That's not, strictly speaking, the way of it. Sure, Google has taken steps to remedy the situation, and sure - third-party app stores are the OS version of the Wild West :)
This is still at the very least news worthy, because the range of flawed devices is just enormous, no - almost all-inclusive. Moreover, even though there is no way to know for sure how many devices (if any at all) have been compromised, this exploit has, apparently, been out in the wild for _4_ years, 98% from the length of which Google had no clue whatsoever.
Could the company be overplaying it? Usually - yes. But in this case you have a documented case, to be discussed during the Black Hat conference and Google has taken steps to fix it. In other words, the threat is/was there :).
38. roscuthiii (Posts: 1873; Member since: 18 Jul 2010)
As I don't see an "update" notation, I will have to assume this part here: "How serious can this get? We don't know, but it's comforting to know that Google is aware of the issue and has already updated their Google Play approval process, blocking out apps with this problem." had already taken place by the time of your writing of the article.
Which means your sensationalizing the story and fear mongering. Especially taking the title into consideration.
As a private security consultant, how about I clue you in on something else. 100% of people who live in a home are vulnerable to burglary.
That's basically all your article is.
29. lyndon420 (Posts: 1786; Member since: 11 Jul 2012)
Oh boy. I sure hope no one hacks into my phone and finds all my porn.
33. mas11 (Posts: 1032; Member since: 30 Mar 2012)
And yet even the best hackers can't exploit most Motorola bootloaders.
34. Zero0 (Posts: 583; Member since: 05 Jul 2012)
Don't you have to install from outside the Play Store for this to happen, though? You can't just arbitratily modify code on someone's device, you have to change the files somehow before you can get in.
It's a hole, but most people won't be affected. And it probably could be easily fixed with an MD5 check or something along those lines. Google Play Services might even be able to roll out such a security patch.
35. skyguy7567 (Posts: 148; Member since: 17 Nov 2012)
Bought Norton Security. Using my Xperia Z without concern. Deeper research into the software of different android manufacturers show that Samsung's pre-set android system to be the most vulnerable to hacks and similar attacks.
37. piyath (Posts: 152; Member since: 23 Mar 2012)
Hackers do not bother to hack Apple cuz it is a fruit and it is useless..