‘Master Key’ Vulnerability Exposed To Hackers; Six Apps in China Exploited

Symantec has discovered six Android applications designed for Chinese users on third-party app sites infected by 'Master Key' vulnerability.

Symantec, American global computer security software corporation, has discovered six Android-based applications designed for Chinese language users on third-party app sites that uses the "master key" vulnerability. This exposure gives hackers full access to the user's Android smartphone without their knowledge. Hackers can easily access private information such as phone numbers, device's IMEI number and control the normal functioning of the phone like sending messages or turning the camera on.

The flaw, which was considered hypothetical at the time of discovery in July, has made its way to legitimate Android apps. The apps with the flaws were distributed on the Android market. They include two health apps used to find and make doctor appointments, a popular news app, an arcade game, a card game, and a betting and lottery app, Symantec wrote in a Blog Post.

Bluebox Security, a mobile security vendor, discovered the master key vulnerability that left 99 percent, or more than 900 million users exposed. The company said that the flaw allows modification of a legitimate application's code without making changes to its cryptographic digital signature, which does not interfere with Android's authentication process.

Google and several other security vendors issued patches for the flaw to protect the device from being exposed to hackers. Mobile phone operators should send the patch to the flaw which can be updated on the phone, which usually takes a long time. Users can also manually apply the patch.

In the mean time, Google is running a thorough scan in its Play Store to identify and eliminate any infected programs.

Symantec has also advised Android users to protect their devices by downloading security software and avoid third-party app sites.

Tags
Master, Key, Vulnerability, Exposed, Hackers, Six, Apps, China, Infected
Real Time Analytics