• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Android bug leaves cryptographic keys open to hackers

Updated on Jul 2, 2014 by Guest Authors

It’s hard to make financial and banking transactions through your smartphone without feeling wary about the security implications, but sometimes users trade safety for comfort and time.

So given the large number of people doing their business on mobile platforms, it’s alarming to know that there is a new vulnerability spotted on Android version 4.3, which accounts for more than 10 percent of handsets.

IBM security experts have recently shed light on the Android bug that works to give hackers access to cryptographic keys belonging to banking and virtual private network activities, as well as sensitive credentials for virtually cracking open the internals of flawed devices.

android-bug-key-hack

It has been found that the bug is infecting the Android KeyStore, which stores those sensitive data. The KeyStore flaw allows attackers to administer malicious codes into the device to bring out the keys related to banking, applications, PINs and patterns for unlocking the device.

There is good news for KitKat users, or version 4.4, Google already has a patch for the vulnerability. Although the other versions of Android are not affected by the bug thus far, there’s a good measure it will reach that point, and it’s equally alarming because at least 86 percent of those devices still don’t have the necessary fix.

So the problem also lies in the wide fragmentation of the Android ecosystem, making it less practical for developers to release updates on a regular basis.

Thankfully, the flaw does not serve the hackers with silver platter. The data execution inhibitor and random address space layout randomization prevent hackers to a certain degree from executing malicious code as these software tools provide a good measure of protection for Android devices.

But the fact that the vulnerability lies in the KeyStore cannot be underestimated, because it is the core storage of authentication credentials for the apps, meaning that if a third-party gains control of it, the attacker could slip into other apps and services that the user has previously accessed without having to enter login credentials such as a username and password. Therefore, apps for entering your online banking account could be generally safe from this attack, though there’s still room for caution.

The bad news is that other accounts such as email and social media run the risk of receiving and spreading spam and malware because of the bug. When it comes to corporate networks, the VPN credentials transmitted to a mobile device, especially in BYOD programs common among companies nowadays, could expose the sensitive IT system to attacks and may compromise the whole enterprise.

Then again, prevention is the best tool to ward off security threats. Check apps before you download and install them for potential risks.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

SwitchBot Lock Review – Perfect Smart Lock for Renters

BREEZOME JH03 vs JH04 Air Purifier – Which One Should You Buy?

SwitchBot Curtain Smart Electric Motor Review – The Upgraded Version

COLORWING M08F Portable Thermal Printer Review – Requiring No Ink, Toner, or Ribbon

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Premiere of the Demo of “EVOLUTION”, Tencent’s First Native Cloud Game, Leading Us to Set Off to the Real World Together
  • VANKYO Leisure 495W and Leisure 470 Pro Projector – New Full-HD Projector Series
  • SwitchBot Lock Review – Perfect Smart Lock for Renters
  • BLUETTI Father’s Day Deals – Power Gears for the Best Dad in the World

Copyright © 2022 · All Rights Reserved