Wed, Jul 23, 2014, 7:35 PM EDT - U.S. Markets closed


% | $
Click the to save as a favorite.

BlackBerry Limited Message Board

  • fedele123 fedele123 Jul 4, 2013 1:49 PM Flag

    99% of All Android Phones Have A 'Master Key' Flaw That Gives Hackers A Back Door

    Google this title, the android system is not secure. End of story. BBRY IS!!!!!!

    SortNewest  |  Oldest  |  Most Replied Expand all replies
    • I copied this article below, because this is very important news for BBRY

    • Here I'll copy it in:

      William Wei, Business Insider
      Ninety-nine percent of Android phones contain a "master key" flaw that allows hackers to access all apps inside the phone, according to Jeff Forristal, CTO of Bluebox Security.
      The flaw leaves Android phones massively vulnerable to malware, botnets and computer fraud, he claims in a blog post:
      The implications are huge!
      ... Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls).
      Google was alerted to the flaw in February, Forristal told the Black Hat USA conference for internet security experts.
      The flaw is conceptually very simple, at least the way Forristal explains it. The flaw allows an app's "application package file" — its software, basically — to be changed without changing the app's cryptographic signature. So the app reads as genuine even though it has been altered by hackers or malware. Forristal writes:
      All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn’t been tampered with or modified. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.
      The flaw has existed since 2009, according to Endgadget.
      Google has so far declined comment. We'll update this item if the company makes a statement.
      The good news, according to CIO, is

    • Qnx will rule the smart phone space.. Resistance is futile.

9.83-0.09(-0.91%)Jul 23 4:00 PMEDT

Trending Tickers

Trending Tickers features significant U.S. stocks showing the most dramatic increase in user interest in Yahoo Finance in the previous hour over historic norms. The list is limited to those equities which trade at least 100,000 shares on an average day and have a market cap of more than $300 million.