Mobile security company Bluebox has uncovered a major vulnerability in all Android phones that gives hackers the ability to turn legitimate apps and games already installed on your device into Trojan viruses that could cost you a fortune.
Each app on your Android phone has a special digital fingerprint that identifies it as a legitimate, safe piece of software. The “Master Key exploit,” as it’s being called, allows someone to modify these existing apps on your phone, turning your legit copy of Angry Birds into a virus, for example. And because this exploit leaves that digital fingerprint untouched, there’s little way to know your phone is infected with a nasty Trojan – Android is tricked into thinking the altered app or game is safe.
Of course, the real damage happens once a Trojan takes root on your phone. A malicious app can make phone calls and place text messages to expensive, premium numbers (like the 1-900 calls of yore), turn on the camera to take pictures of you without your knowledge, record conversations, send and read your private emails – really, the possibilities for causing personal damage are almost endless.
Thankfully, hackers have yet to make use of this Master Key exploit. And, Google and Android hardware manufactures are working to get a patch out.
In the meantime, Bluebox has a few recommendations to help keep your phone safe. First, “be extra cautious in identifying the publisher of the app (you) want to download” – make sure that copy of Angry Birds you’re installing is from Rovio, for example. And most importantly, keep your device updated – individual phone manufacturers are in the process of updating Android to fix to the security hole, but you’ll need to install it to be safe.
