Android ‘Master Key’ Security Flaw Discovered

Android 'Master Key' Security Flaw DiscoveredA “master key” that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox. The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

‘Loophole’

The loophole has been present in every version of the Android operating system released since 2009. Google said it currently had no comment to make on BlueBox’s discovery. Writing on the BlueBox blog, Jeff Forristal, said the implications of the discovery were “huge”.


‘Malicious changes’

The bug emerges because of the way Android handles cryptographic verification of the programs installed on the phone. Android uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with. Mr Forristal and his colleagues have found a method of tricking the way Android checks these signatures so malicious changes to apps go unnoticed.

Any app or program written to exploit the bug would enjoy the same access to a phone that the legitimate version of that application enjoyed. The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves.

Do you think the discovery of this “master key” to Android is significant? Can Google find a way to remedy this loophole?

Source: BBC News

Image: UK Mobile Review

DHS To Extend ‘Trusted Traveler’ Status To Saudi Passengers

DHS To Extend 'Trusted Traveler' Status To Saudi PassengersA Department of Homeland Security program intended to give “trusted traveler” status to low-risk airline passengers soon will be extended to Saudi travelers, opening the program to criticism for accommodating the country that produced 15 of the 19 hijackers behind the Sept. 11, 2001, terrorist attacks.

‘Radical Wahhabism’

Sources voiced concern about the decision to the Investigative Project on Terrorism, which issued a report Wednesday on the under-the-radar announcement — which was first made by Homeland Security Secretary Janet Napolitano after meeting in January with her Saudi counterpart. According to the IPT, this would be the first time the Saudi government has been given such a direct role in fast-tracking people for entry into the United States.

“I think you have radical Wahhabism in certain elements in Saudi Arabia, and I think to be more lenient there than in other places would be a mistake,” Rep. Frank Wolf told the Investigative Project on Terrorism. “There were 15 [hijackers] from that country, and there is a lot taking place in that region.”


‘Low-risk status’

Only an exclusive handful of countries enjoy inclusion in the Global Entry program — Canada, Mexico, South Korea and the Netherlands. According to the IPT, some officials are questioning why Saudi Arabia gets to reap the benefits of the program, when key U.S. allies like Germany and France are not enrolled; Israel has reached a deal with the U.S., but that partnership has not yet been implemented.

The program allows travelers who have undergone a thorough vetting process — fingerprinting, background checks, interviews with customs agents, etc.– to attain a low-risk status that allows them to skip the line at customs and complete their entry process at an automatic kiosk.  The status lasts for five years.

What is your insight regarding “Trusted Traveler” status grants to Saudi travelers? What other countries do you think should or should not be included in this program?

Source: Fox News

Image: Saudi Gazette