burglar

Got an Android device, that’s not a Samsung Galaxy S4? Download this. Then use it to check for the Master Key exploit (the app will walk you through it). Why? While you’re waiting to see what’s wrong with your phone, we’ll explain what’s going on. If you’re looking to download a safe app to check the daily weather, take a look at some of the best free weather apps for Android.

Bluebox is a security company that specializes, as you may have guessed from the name if you’re an old-school nerd, in mobile phone and mobile computing security. And recently they made something of a splash by turning up an exploit they call Master Key. And it’s a singularly nasty exploit that affects 99% of all Android devices. And if you’re a socialite, or just bored often, the best Twitter apps for Android that are highly customizable in their look and features will do you good.

Essentially, all Android apps have a “signature”, an encrypted bit of business that tells Google that, yes, this app is legitimate and no, this app has not been modified. One problem, though; a gap in how these signatures are verified means a smart hacker can mess around with the app while leaving the cryptographic signature completely unchanged. In effect, this means that any app, any app at all, could be turned into a Trojan, breaching your phone and collecting all the data on it. Including, say, your credit card numbers, Facebook credentials, and other fun stuff. And since music is also such a fun part of life, you should invest in any of the best Android apps for music, and the best part is that most of them are free. For other free apps that will help kill time when you’re bored, take a look at some of the best free Android games that include word teasers, shooters, puzzle games, and trivia games.

Worse, this flaw dates way, way back, to Android 1.6, meaning almost every device on the market and in use is vulnerable to the exploit. The good news is that Google is aware of the problem and is fixing it: The bad news is that your device manufacturer has to create a firmware update and plug the hole themselves. In short, we’d avoid downloading any apps until you get the all clear from your hardware manufacturer. Except, of course, Bluebox’s app, which will also check your device for any security vulnerabilities related to Master Key.

daytimeburglar

Unless the app itself has been breached. Isn’t paranoia fun?

Dan Seitz

Dan Seitz is an obsessive nerd living in New England. He lives in the Boston area with a fiancee, a dog, a cat, and far too many objects with processors.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *