Almost a Billion Vulnerable Android Devices
July 16, 2013
By Jack Walsh

Researchers at Bluebox, a new mobile security company, recently found a serious vulnerability affecting almost every version of Android. Vulnerable Android versions include all recent versions as well as those dating back to version 1.6 (code name: Donut) that was released in September 2009.

The vulnerability that the company calls the “Android Master Key” has the potential to impact almost a billion devices – well 900 million but who is counting? With almost a billion vulnerable Android devices, and given that any app could be susceptible, the need for mobile application testing like that provided by ICSA Labs for enterprise apps is paramount.

Jeff Forristal, the Bluebox CTO, wrote about the sweeping Android vulnerability recently on the company’s blog. In addition, he will be presenting more information about their findings at the Black Hat USA Conference later this summer.

While Bluebox informed Google about the vulnerability way back in February 2013, fixes appear few and far between. In fact, any fixes will most likely not be coming from Google. Because of the segmented nature of the Android operating system, fixes will have to individually come from each of the mobile device manufacturers (i.e., HTC, Kyocera, LG, Motorola, Pantech, Samsung, etc.).

Therefore if your organization supports the use of Android devices then it would make sense to reach out to each smart phone manufacturer supported by your company. Ask the device manufacturer about its timeline for fixes to the “Android Master Key” vulnerability. Also, as Google Play is the only app store that is able to monitor apps for this weakness, it may be wise to temporarily restrict app downloads from the myriad of other Android app stores until this vulnerability is overcome.


Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>

More information about formatting options

This question is for testing whether you are a human visitor to prevent automated spam submissions.
Enter the characters shown in the image.