now we are continuing.......
Thus we are sending you some Android weakness that invites Hackers to turn genuine Apps into some malicious Trojans and viruses
Some Researchers have disclosed the security threat in Android that can be broken by cybercriminals to turn any genuine application into a malicious programs.This can be done by changing the APK code without breaking the targeted application's cryptographic signature.
Bluebox Labs Experts,Bluebox Security research team have said that the vulnerability can affect almost 900 million Android devices or we can say that Android versions that are starting with 1.6 have an impact of this.
Hackers can modify the application in such a way that it can go completely unnoticed not only by the end user but also by the phone and even the app store.If we install a Trojan application that has full permissions, allows the attacker to read sensitive data from the phone and after that the complete control of the device is in the attacker's hand.
And finally the most disturbing one is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving i.e. hard-to-detect nature of these ‘zombie’ mobile devices to create a botnet,” Jeff Forristal, Bluebox CTO that are discussed.
So how does it work?
All Android applications contain cryptographic signatures that the operating system uses to determine if an application is genuine, and if it has been tampered with. However, the weakness influences the inconsistencies in how apps are cryptographically verified and installed that allows an hacker to modify the APK code without breaking the cryptographic signature.
The weakness is already reported to Google in February 2013. However, now it depends on the device manufacturers to develop and release firmware updates for their products.
Technical information of the weakness will be presented by experts at the future coming BlackHat USA 2013 security conference.