Bluebox CTO Jeff Forristal to Disclose Details of Android 'Master Key' Vulnerability at Black Hat

"Android: One Root To Own Them All" Demonstrates the Potential Effect on 99 Percent of Android Devices

Marketwired

SAN FRANCISCO, CA--(Marketwired - Jul 29, 2013) - Bluebox Security, a stealth startup tackling enterprise mobile security, today announced that Bluebox chief technology officer, Jeff Forristal, will present on July 31 at Black Hat USA in Las Vegas, Nevada. The presentation, "Android: One Root To Own Them All," will discuss a widely reported vulnerability discovered by Forristal in Android's security model that allows a hacker to modify APK code without breaking an application's cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The vulnerability was announced by Bluebox on July 3.

WHAT: "Android: One Root To Own Them All"

WHEN: August 1, 11:45am

WHERE: Black Hat 2013, Las Vegas, Nevada

WHO: Jeff Forristal, chief technology officer, Bluebox

The presentation is a case study showcasing the technical details of Android security bug 8219321, disclosed to Google in February 2013, which allows hackers to modify an application's code without breaking the application's cryptographic signature. The vulnerability affects a wide number of Android devices, across generations & architectures, with little to no modifications of the exploit. The presentation will review how the vulnerability was located, how an exploit was created, and why the exploit works.

About Bluebox Security
Bluebox Security is a stealth startup focused on enterprise mobile security. Backed by Andreessen Horowitz, Sun Microsystems co-founder, Andreas von Bechtolsheim, SV Angel and Google Board member Ram Shriram, Bluebox Security is headquartered in San Francisco. For more information visit www.bluebox.com.

Contact:
Media Contact
Katherine Nellums
LEWIS PR
+1.415.432.2451
Email Contact
View Comments (0)