
KeyStore vulnerability exposes non-KitKat Android devices to malware


sincity

A major vulnerability that affects nearly 90 per cent of Android devices on the market has been disclosed by an IBM Security researcher.

The flaw, which the author Roee Hay describes as a "classic stack-based buffer overflow", affects the Android KeyStore service on versions prior to KitKat (Android 4.4).

It means that up to 87% of Android users may be affected by that vulnerability (CVE-2014-3100). It is not known whether other customised versions of Android, notably the one that powers the Amazon Fire devices, are also under threat.

Cryptographic keys

KeyStore allows the operating system to identify the real developer behind an app using cryptographic keys. The vulnerability means that hackers should now be able to inject malicious code without the developer or the end user's knowledge.

Android, however, has some inbuilt security mechanisms that prevent hackers from executing malicious code at will. These include data execution prevention (DEP) and address space layout randomization (ASLR).

It leaves the majority of Android devices with some uncertainty given that a lot of older smartphones and tablets do not have an upgrade route to KitKat.
