Skip to main content

First known cases of Android 'Master Key' security hack exposed in China

The first known cases of hackers exploiting the Android 'Master Key' vulnerability have been discovered by researchers from Symantec (opens in new tab).

The major security bug, which was first exposed earlier this month, has been used to infect two Chinese applications.

Hackers have added malicious code to the software, modifying them in such a way that smartphones with the affected apps installed can be controlled remotely.

According to Symantec, this malware, named 'Android.Skullkey (opens in new tab)', enables cyber-criminals to steal personal data and send premium text messages from compromised devices. They can also disable a number of Chinese mobile security software applications.

Though the compromised apps are legitimate, they both hail from Chinese Android marketplaces.

The enormous Android vulnerability was first uncovered by Bluebox Security (opens in new tab) in early July, which also confirmed that 99 per cent of Android devices – 900 million smartphones and tablets - were at risk of being hacked.

The flaw, which has existed for a staggering four years, enables attackers to gain complete access to an Android device's data, by modifying applications without breaking their cryptographic signature.

Users have been urgently advised to protect themselves against the flaw (opens in new tab).

"We expect attackers to continue to leverage this vulnerability to infect unsuspecting user devices," said Symantec. "Symantec recommends users only download applications from reputable Android application marketplaces."

(opens in new tab)Apple last month posted a chart, highlighting the extent of Android's fragmentation (opens in new tab), which has proved a blessing (opens in new tab), as well as a curse, for the operating system.

This isn't welcome news for Google though, as it gears up for the launch of the Nexus 7 2 and Android 4.3 (opens in new tab). Follow the link above for ITProPortal's live coverage of the event.

Aatif is a freelance copywriter and journalist based in the UK. He’s written about technology, science and politics for publications including Gizmodo, The Independent, Trusted Reviews, Newsweek, and ITProPortal.