Find out if your Android is vulnerable to the MasterKey exploit

Some time ago, Bluebox Security discovered a vulnerability in nearly every Android device released in the last four years that allowed attackers to modify the code of legitimate applications without breaking their cryptographic signature. Hackers can exploit the vulnerability for all kinds of malicious activities, including data theft or abusing infected devices as part of a botnet.
You can read up on the technical details of the vulnerability on the Bluebox website. In the meantime, Google has created a patch for the issue and delivered it to Android device manufacturers. It is, however, up to each individual manufacturer to deploy the patch, so your device may have received it already or may still be vulnerable to the exploit.
Bluebox has released a new application for Android that checks whether your smartphone or tablet is vulnerable or patched. Simply go to Google Play and install the Bluebox Security Scanner application from there.
All you have to do then is to run the application on your phone or tablet to find out if it is patched or not:
- Patch Status indicates whether your device manufacturer has distributed the patch already or if your device is still unpatched and therefore vulnerable to the MasterKey exploit. The status reads unpatched/vulnerable in this case.
- Non-Google Market installs checks if application installations from unknown sources are allowed on the device or not.
- Malicious App Scan scans all installed apps for traces of malicious code and will report back to you if any are found so that you can react immediately to the threat.
The scanner cannot scan apps in the copy-protected folder under /mnt/asec/ due to operating system limitations.
You do not need to do anything if your device is listed as patched. If it is unpatched, there is not a lot you can do about it either. What you should do, however, is be very careful with new application installations, especially if they come from sources outside the Google Marketplace.
From the looks of it, it appears that Samsung has already pushed out the update to its devices, and that HTC has already patched at least some of the company's devices as well.
Verdict
The application shows whether your system has been patched, which may ease your mind if it is already patched or at least make you aware of the issue if it is not. You can uninstall the application if the vulnerability has been fixed on your device, but you may want to hold on to it if it has not. (via Caschy)