I won't link nothing since y'all don't trust me but anyone that knows how to exploit stuff can do some serious damage. 99 percent of all devices can get got.
make $$$ brehs with 0-day's. Anyone mess with exploits?
Android is open source software. Does it really matter?
Im slow.. explain.
Long story short, and this goes double/triple/1million for people who have jailbroken.The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: Donut ), could affect any Android phone released in the last 4 years1 or nearly 900 million devices2 and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.
While the risk to the individual and the enterprise is great (a malicious app can access individual data, or gain entry into an enterprise), this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in cooperation with the device manufacturer (e.g. Cisco with AnyConnect VPN) that are granted special elevated privileges within Android specifically System UID access.
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these zombie mobile devices to create a botnet.
Uncovering Android Master Key That Makes 99% of Devices Vulnerable » Bluebox Security
Large Professor - Have fun - YouTube
This will be slaughtered with an update bright and early. I believe tmobile pushed out an update recently.
S4 is already patched. I read elsewhere that this only affects applications installed outside of the Google Play store? The vast majority of people don't sideload apps anyway and the rest that do know the risks.
Sucks, but these exploits will always be a cat and mouse game until the end of time. *shrug*
The only risk ppl took was riding with AndriodAndroids security model that allows a hacker to modify APK code without breaking an applications cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user
How is this thread not stickied
I'm not really saying anything? Who said I had to, I don't work for Google and I'm not their PR. I just cited what I have read on the issue.You not really saying anything here. Just saying "They know the risk" is not adequate. Nobody on this site was telling ppl "Yo, if you jailbreak nikkaz might steal your credit card info"
What happens is ppl on here acting like they bulletproof and they "convince" other posters to try shyt out. If this was normal, it wouldn't be a story.
If somebody hacks the regular store... wait a minute. You didn't even read the article
The only risk ppl took was riding with Andriod
I'm not concerned with what nikkas on the internet tell me is risky or not. I and most other people realize that if I'm in as deep as modifying the software on my phone, you potentially open yourself up to certain vulnerabilities.Using Google Play to distribute apps that have been modified to exploit this flaw is not possible because Google updated the app store's application entry process in order to block apps that contain this problem, Forristal said. The information received by Bluebox from Google also suggests that no existing apps from the app store have this problem, he said.