Android Update Lets Malware Bypass Digital Signature Check

msm1267 writes "A vulnerability exists in the Android code base that would allow a hacker to modify a legitimate, digitally signed Android application package file (APK) and not break the app's cryptographic signature — an action that would normally set off a red flag that something is amiss. Researchers at startup Bluebox Security will disclose details on the vulnerability at the upcoming Black Hat Briefings in Las Vegas on Aug. 1. In the meantime, some handset vendors have patched the issue; Google will soon release a patch to the Android Open Source Project (AOSP), Bluebox chief technology officer Jeff Forristal said. The vulnerability, Bluebox said, affects multiple generations of Android devices since 1.6, the Donut version, which is about four years old. Nearly 900 million devices are potentially affected."

Re:Looking forward to 1st August

Bing, Bing, Bing, Bing, Bing, Bing, Bing! What was that sound? It's the sound of a Binger coming to aid those in need! You may have heard that Bing is inferior to Google, and I used to think the same thing before a certain event happened. You see, about two weeks ago I decided to give Bing a try; I searched for my wife's name and discovered that she was about to have a heart attack! Thanks to Bing, I was able to save my wife's life, and since then, I've been a rabid, frothing Binger. You should become a Binger, too! Bing can help you!

Don't believe me? Bing it on! You hoi polloi will never be able to comprehend the mind of a Binger until you become one yourselves! Join me in my Binging!

Re:Android fragmenting

This is exactly why proprietary solutions (iPhone and Windows) are better.

Re:Looking forward to 1st August

I binged your wife's name but all I found were pictures of her having sex with a dog.