Android Master Key: Duo Security and Researchers at Northeastern Create App to Patch the Security Flaw (LINK)

A security research firm, Bluebox Security, discovered a flaw in the security of the Android operating system for mobile devices that left 99 percent, or more than 900 million users, vulnerable to hacker attacks, offering people smart enough to exploit the flaw a "master key" to the Android system allowing the person to take complete control of any Android-powered device. On Tuesday, security firm Duo Security and Researchers from Northeastern University's System Security Lab have developed a patch that Android users can now apply to their devices and be protected from the security breech.

The two organizations have announced the release of ReKey, a free mobile app that's designed to patch the Android master key vulnerability. It can be downloaded via the Google Play marketplace or HERE at the dedicated ReKey website.

Unfortunately for users, there is a small caveat that comes with the new patch. According to Information Week, the app can only work on rooted devices. All Android users are told to consider rooting their devices and updating so that they can download the app and be protected from the potentially serious vulnerability in their device's security.

"This vulnerability can be used to replace legitimate apps on an Android device with malicious versions. Apps with many permissions -- like those from the phone's manufacturer or the user's service provider -- are at particular risk," said Trend Micro security researcher Jonathan Leopando in a blog post. "Once on the device, they can behave in the way that any malicious app would, except the user would think they were a completely legitimate app. For example, a modified/Trojanized app for a bank would continue to work for the user, but the credentials would have been sent to an attacker."

In addition to trying to get the flaw patched on all devices, Google is now screening all apps that it distributes via the Google Play store for signs that any the applications offered have been weaponized in order to exploit the flaw.

Real Time Analytics