Jul 29, 2014

Google Android "Fake ID" Security Flaw Discovered: What You Need to Know

Bluebox Labs, the mobile security research team at BlueBox Security, announced the discovery of an Android flaw they have dubbed “Fake ID”. “Fake ID” exploits a device’s digital signature, which Android uses to verify that apps are who they say they are.

Essentially, the issue is that while Android checked that an app had the correct ID before granting it special privileges, it failed to check that the ID was in fact valid and not forged. As reported to the BBC, the researchers liken it to a visitor flashing his valid-looking badge to a security guard, but the guard failing to call the employer of that visitor to verify he is who he says he is. “Fake ID” is concerning because no action or approval is required of the device owner and any actions taken are hidden. In one example, the faked certification signature could be exploited by an app to impersonate Google Wallet to obtain payment data. The flaw is said to affect Android from the January 2010 release of 2.1 up to Android 4.3.

For in-depth technical details on how the exploits work, see Bluebox Lab’s post here.

Does this affect the LastPass Android app?

If you do not install apps from untrusted sources, you're likely safe. Google has scanned all of the apps in the Google Play store, and confirmed they have not seen anyone attempt to exploit this flaw to date. Since the flaw has just been released, it is unlikely that any malware has been written to take advantage of it yet.

Because it can be used to exploit this flaw, we have disabled the Adobe Flash plugin from loading in the LastPass browser, and have issued an update to our app. This affects only Android 4.3 and earlier, since Android 4.4 and later does not include Flash, and is therefore not susceptible to this bug. Even if a malicious app were to gain control of the device, all it would be able to get from LastPass would be a highly encrypted, unusable blob of data. Disabling offline access in the LastPass app’s preferences would also prevent this blob from being stored locally.

Advice on actions to take:

While this flaw is serious, most Android users should be able to avoid being affected by:
  • Only downloading apps from the Google Play Store - apps downloaded from outside the store are not regulated by the app store policies.
  • Avoiding untrusted apps - only download apps published by companies you know and trust.
  • Removing unused or untrusted apps from your devices.
  • Updating your phone to the latest Android version available with this issue patched.
We remain vigilant of any security discoveries that may affect the LastPass community and will update our users if any other details come to light.

3 comments:

  1. Has Amazon also scanned their Appstore?

    ReplyDelete
  2. INTERNATIONAL CONCEPT OF WORK FROM HOME
    Work from home theory is fast gaining popularity because of the freedom and flexibility that comes with it. Since one is not bound by fixed working hours, they can schedule their work at the time when they feel most productive and convenient to them. Women & Men benefit a lot from this concept of work since they can balance their home and work perfectly. People mostly find that in this situation, their productivity is higher and stress levels lower. Those who like isolation and a tranquil work environment also tend to prefer this way of working. Today, with the kind of communication networks available, millions of people worldwide are considering this option.

    Women & Men who want to be independent but cannot afford to leave their responsibilities at home aside will benefit a lot from this concept of work. It makes it easier to maintain a healthy balance between home and work. The family doesn't get neglected and you can get your work done too. You can thus effectively juggle home responsibilities with your career. Working from home is definitely a viable option but it also needs a lot of hard work and discipline. You have to make a time schedule for yourself and stick to it. There will be a time frame of course for any job you take up and you have to fulfill that project within that time frame.

    There are many things that can be done working from home. A few of them is listed below that will give you a general idea about the benefits of this concept.

    Baby-sitting
    This is the most common and highly preferred job that Women & Men like doing. Since in today's competitive world both the parents have to work they need a secure place to leave behind their children who will take care of them and parents can also relax without being worried all the time. In this job you don't require any degree or qualifications. You only have to know how to take care of children. Parents are happy to pay handsome salary and you can also earn a lot without putting too much of an effort.

    Nursery
    For those who have a garden or an open space at your disposal and are also interested in gardening can go for this method of earning money. If given proper time and efforts nursery business can flourish very well and you will earn handsomely. But just as all jobs establishing it will be a bit difficult but the end results are outstanding.

    Freelance
    Freelance can be in different wings. Either you can be a freelance reporter or a freelance photographer. You can also do designing or be in the advertising field doing project on your own. Being independent and working independently will depend on your field of work and the availability of its worth in the market. If you like doing jewellery designing you can do that at home totally independently. You can also work on freelancing as a marketing executive working from home. Wanna know more, email us on workfromhome.otr214422@gmail.com and we will send you information on how you can actually work as a marketing freelancer.


    Internet related work
    This is a very vast field and here sky is the limit. All you need is a computer and Internet facility. Whatever field you are into work at home is perfect match in the software field. You can match your time according to your convenience and complete whatever projects you get. To learn more about how to work from home, contact us today on workfromhome.otr214422@gmail.comand our team will get you started on some excellent work from home projects.


    Diet food
    Since now a days Women & Men are more conscious of the food that they eat hence they prefer to have homemade low cal food and if you can start supplying low cal food to various offices then it will be a very good source of income and not too much of efforts. You can hire a few ladies who will help you out and this can be a good business.

    Thus think over this concept and go ahead.

    ReplyDelete
  3. it is unlikely that any malware has been written to take advantage of it yet.phone spy software

    ReplyDelete