Bluebox Security some time ago discovered a vulnerability in nearly every Android device released in the last four years that allowed attackers to modify code of legitimate applications without breaking their cryptographic signature. Hackers can exploit the vulnerability for all kinds of malicious activities, including data theft or abusing infected devices as botnets.
You can read up on the technical details of the vulnerability on the Bluebox website. Google has in the meantime created a patch for the issue and delivered it to Android device manufacturers. It is, however, up to each individual manufacturer to deploy the patch, so your device may already have received it or may still be vulnerable to the exploit.
Bluebox has released a new application for Android that checks whether your smartphone or tablet is vulnerable or patched. Simply go to Google Play and install the Bluebox Security Scanner application from there.
All you have to do then is run the application on your phone or tablet to find out whether it is patched or not.
The scanner cannot scan apps in the copy-protected folder under /mnt/asec/ due to operating system limitations.
You do not need to do anything if your device is listed as patched. If it is unpatched, there is not a lot you can do about it either. What you should do, however, is be very careful with new application installations, especially if they come from sources outside the Google Marketplace.
It appears that Samsung has already pushed out the update to its devices, and that HTC has already patched at least some of the company's devices as well.
The application highlights whether your system has been patched or not, which may ease your mind if it is already patched, or at least make you aware of the issue if it has not been patched yet. You can uninstall the application if the vulnerability has been fixed on your device, but you may want to keep it if it has not. (via Caschy)
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.