Mobile security start-up Bluebox has announced on its blog that it has discovered a vulnerability in Android's security model that allows hackers to slip malicious code into Android devices unnoticed by your phone's built-in defensive mechanism.
The scope of this vulnerability? 99%, or about 900 million Android devices. Nope, no typo there, according to the company, which first notified Google of the threat in February this year. Apparently, the vulnerability goes all the way back to Android 1.6 “Donut”, affecting any Android device released in the last 4 years.
Spooky, but in a typical horror movie fashion, we want to know more:
A screenshot by Bluebox demonstrates complete control over the OS
To put this into perspective, the statement claims, apart from the usual Trojan mischief (think SMS tolls), a malicious app taking massive advantage of the hole:
How serious can this get? We don't know, but it's comforting to know that Google is aware of the issue and has already updated their Google Play approval process, blocking out apps with this problem.
Bluebox CTO Jeff Forristal announced that he will cover the issue in technical detail in his upcoming Black Hat USA 2013 talk.
Source: Bluebox via VentureBeat