China First To Suffer Android “Master Key” Hack


On July 3, the security firm BlueBox announced that it had discovered a “master key” that allows hackers to take control of users’ phones. In  doing so, it highlighted a struggle that Google Inc (NASDAQ:GOOG), makers of Android, will forever need to worry about given the amount of companies that manufacture Android handsets. Samsung Electronics Co., Ltd. (LON:BC94) (KRX:005930) and HTC Corp (TPE:2498), to name just a couple of the many manufacturers, also reserve the right to add their own interfaces on top of Android. This stands in stark contrast to Apple Inc. (NASDAQ:AAPL) who is the only manufacturer of phones that run its iOS.

Hacking key harvests passwords and photos

Each new Android app has an encrypted signature built-in that the operating system uses to verify that a program is bug-free and has not been tampered with by outside elements. However, BlueBox announced that it had discovered a means by which it could change an app’s code without modifying this signature. They went on to say that using this “master key” could allow the less nice people of the world to install a Trojan on a phone, essentially granting full access to an Android phone. This includes, but is not limited to, harvesting of passwords, recording telephone calls, and taking photos. A user’s phone would send this information to the hacker.

China phone owners fall victim to ‘Android.Skullkey’ hack

Today, the BBC reported that Symantec, the virus protection firm, has found two apps distributed in China that have fallen victim to this exploit. While Google Inc (NASDAQ:GOOG) is looking to rectify the situation and scans its own Google Play app store, the open nature of Android does not protect users from apps distributed elsewhere.

Despite 60% Loss On Shorts, Yarra Square Up 20% In 2020

Yarra Square Investing Greenhaven Road CapitalYarra Square Partners returned 19.5% net in 2020, outperforming its benchmark, the S&P 500, which returned 18.4% throughout the year. According to a copy of the firm's fourth-quarter and full-year letter to investors, which ValueWalk has been able to review, 2020 was a year of two halves for the investment manager. Q1 2021 hedge fund Read More

According to Symantec, attackers have exploited this “back-door”  to install malware called ‘Android.Skullkey’. Skullkey hijacks data from compromised phones, monitors and records texts received and written on the phone, and also sends SMS messages to premium numbers, potentially costing the phone’s owners a large amount of money given the frequency of these texts before discovery.

“We expect attackers to continue to leverage this vulnerability to infect unsuspecting user devices,” Symantec’s report warned.” Symantec recommends users only download applications from reputable Android application marketplaces.”

Both programs that Symantec found the exploit embedded in were designed to help users make doctor appointments from their phones and tablets. Symantec also said that users could simply remove Skullkey in the settings menu of their devices.

Previous article Researchers Implant False Memories In Mice
Next article Activision Buys Vivendi In $8.17 Billion Deal
While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. <i>To contact Brendan or give him an exclusive, please contact him at [email protected]</i>

No posts to display