(Image Source: Playback / oneclickroot)
Despite being a robust and evolved, Android has many vulnerabilities that are identified as major failures by consumers that use Windows Phone and iOS.
Typically, the problems are due to the installation of applications from unknown sources that end up opening loopholes in the system and installing a series of plagues difficult to remove.
However, recently, another pest is plaguing the lives of many users. In February this year, the Bluebox Security has detected a vulnerability in Android which became known as Master Key
This is a glitch that allows a hacker to modify APKs (compiled files) without the need to break encryptions. This code change can be performed in any app on your smartphone. Let’s see the real dangers and how to solve the problem.
What can happen to my smartphone?
Regardless if you download applications only from the official Google Play or get third-party software, the Master Key means grants the hacker to modify much of the structure of an app. The criminal can easily embed malicious code capable of stealing data without you noticing any unusual activity.
(Image Source: Playback / Android Police)
Despite
could paint and embroidery on your smartphone, the hacker has certain limitations when modifying the program code developed by third parties, since these apps do not have special permissions. However, the real danger lies in the software manufacturers (Sony, Samsung, LG, HTC, Motorola and all others), which are privileged.
If a criminal can install a trojan on a official app from the phone, it will have access to all data (SMS, emails, documents, passwords, and other items) and can also control all functions (make calls, send messages, turn on the camera, record conversations, change the password). Moral of the story: your phone will turn a zombie!
Asinformation from Bluebox, this vulnerability exists in almost all smartphones and tablets launched in the last four years (that have Android 1.6 or higher installed). This means that approximately 900 million devices in the world are at the mercy of hackers.
The fault is not entirely on Google
Without much thought, anyone would blame Google for this vulnerability, after all, it is a failure that has been around for four years and until now has not been repaired. In fact, the owner of Android is primarily responsible, but we should not rush.
Apparently, these four years, almost no one (or perhaps any hacker) had the ability to discover this flaw. Thus, the Master Key was just a problem that it posed potential risks, since there was no criminals able to exploit the loophole.
here in February, Google had to take the scolding, facing the situation head on and accountable to its members. The company found a solution and eliminated the gap. However, the fix – so we found in our tests – was just released on Android 4.3.
(Image Source: Playback / SamMobile)
Now you must be wondering why it was not released to other versions? Well, to apply a correction at this level, you need to install the system completely. Do not just download a simple application, since it can not (for Android security restrictions) to access the system area that is experiencing problems.
If you have a good memory, you might remember that Android 4.2 was released in November 2012. Therefore, the correction could only come in a new version of the system, which was launched in July this year. Anyway, it is worth noting that even the only solution was added to the standard version of the software.
Each manufacturer updated their Android
In the middle of this gigantic problem, Google disclaims lot of responsibility, after all, it only develops and provides system-based Android devices only for the Nexus line. After she provides the source code for third party liability is transferred to each company (Samsung, LG and all others).
(Image Source: Playback / Android Police)
This means that all smartphones (and tablets) that have this loophole should receive an official update from the manufacturer, as each performs adaptations in Android ROMs and must provide specific so that there is full compatibility with every device. Therefore, if your phone is still unprotected, is the fault of the manufacturer!
Knowing all this history, and the dangers, it is quite wise to do an analysis on the phone to find out if he is vulnerable or protected. Let’s see how to proceed.
identify?
- Download and install the application Bluebox Security Scanner;
- Run the program and wait for the result;
- in the “Patch Status” some message indicating “Unpatched / wound”, you should be aware that your device has gaps in the Master Key;
enlarge (Image Source: Tecmundo / Baixaki) - In the second field, the message “Allowed” (Allowed) indicates that apps from untrusted sources can be installed on your phone. You may want to disable the option ( Settings> Security );
enlarge (Image Source: Tecmundo / Baixaki) - The worst problem is the Bluebox find some application with malicious code. This means that possibly fails Master Key has already been explored and data are exposed.
enlarge (Image Source: Tecmundo / Baixaki)
If
fix the problem?
As quoted above, the correction of the breach should happen releases of future versions of Android for each device. However, it is clear that we would not have the courage to report a problem and leave you desperate.
Thus, we teach you how to eliminate the Master Key on devices that have Android 4.0.3 or higher installed – unfortunately we have no clue to previous systems. Here we go:
- root on your smartphone;
- Download and install the Framework Xposed clicking here or using the QR Code below;
- After running the app, click “Install / Update” so that it goes into operation. You must reboot the machine for the settings to come into operation;
(Image Source: Tecmundo / Baixaki) - Now, download and install the fix dual Master Key (application available on Google Play)
- Open Xposed and go to tab “Modules”;
(Image Source: Tecmundo / Baixaki) - Enable Dual Master Key fix.
Piece of cake, right? Now your device is no longer vulnerable. Note that this is a temporary solution, so worth keeping an eye on updates for your device, if possible, install an official patch. We hope to have helped. Until next
No comments:
Post a Comment