The Android operating system has been vulnerable to hackers for the past four years, allowing them to modify or manipulate any legitimate application and enabling them to transform it into a Trojan program.

These Trojan programs can further be used to steal data or take control of the OS.

Researchers at Bluebox Security, a mobile security startup firm in San Francisco, uncovered the flaw and will be addressing the issue in detail at the Black Hat USA security conference in Las Vegas in coming weeks.

The vulnerability identified by the Bluebox researchers effectively allows attackers to add malicious code to already signed application packages (APKs) without breaking their signatures.

When an application is installed and a sandbox is created for it, Android records the application's digital signature, said Bluebox Chief Technology Officer Jeff Forristal. All subsequent updates for that application need to match its signature in order to verify that they came from the same author, he said.

The vulnerability has existed since at least Android 1.6, code named Donut, which means that it potentially affects any Android device released during the last four years, the Bluebox researchers said in a blog post.

"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," they said.

More From This Section

Erdogan challenges social media in top Turkish court

The Twitter block was lifted earlier this month after the court ruled that it breached freedom of expression.

Health care site flagged in heartbleed review

Password change recommended following a review of the government's vulnerability to Heartbleed Internet security flaw.

White House updating online privacy policy

A new privacy policy explains how the government will gather the user data of online visitors to WhiteHouse.gov

Facebook rolls out location-sharing feature

The feature must be turned on by the user, so people shouldn't expect to broadcast their location unknowingly.


Comments are closed.

Comments (2)

Zoya Bennet
July 8, 2013 9:25 am

On my view, if you take any application or technological growth aspects there are chances to hack it and no wonder Android applications is also in this list. Despite of all these Android is holding the top position in market just because of the best features in it.

Zoya Bennet
July 8, 2013 9:19 am

On my view, if you take any application or technological growth aspects there are chances to hack it and no wonder Android applications is also in this list. Despite of all these Android is holding the top position in market just because of the best features in it.

Explore: Indian elections 2014
Explore: Indian elections 2014
How much do you know about Indian Elections?
How much do you know about Indian Elections?
Poll
From The Newspaper
Tweets