Your android phone or tablet can be taken over completely by a hacker using the vulnerability aptly named the Master Key Bug. He can make phone calls using your phone, send SMS or take photos and videos and access your passwords.
According to Bluebox, the ultimate fix for this bug is a software update. However, millions of Android devices lack recent updates. But don’t worry, since we know how the Master Key Bug might be exploited, we can take several steps in ensuring that our Android phones remain safe.
1. Make Sure to Disable Installation of Non Market Apps
Make sure that only trusted apps can be installed in your Android phone. Open up the Settings > Security and then uncheck the Unknown Sources option.
2. Use Google Play Only in Downloading Apps
For the time being, don’t use other App Stores since Google know the Master Key bug more than anyone else. Don’t download apps from torrent sites too. That will be the first place where hackers look forward to publish their apps.
3. Uninstall Questionable Apps from Your Phone
If you have recently installed an app that offers very little use for you, uninstall it. Examples of apps like this are those that serve as ebooks with very few pages. Be specially skeptical in installing apps that ask for a lot of permissions.
4. Check for Software Updates from Your Phone’s Manufacturer
If you own a phone from big brands like Samsung, HTC and others, you’ll likely receive a security update for the Master Key bug soon. However, there are many local brands like My|Phone, Cherry Mobile and Starmobile that lack the ability to release this update in a short time.
MyPhone users, you might want to give a heads up to your Dev Team. This is their Facebook Page.
How the Android Master Key Bug Works
As you all know, applications for your Android phones and tablets can only be downloaded safely from Google’s Playstore. If you download apps from other sources, the chances are high that those apps will have viruses.
When a developer submits his app to the Playstore, Google adds a signature into that app so that Android can check later if the app is legitimate. Think of it as a barcode for apps.
When a hacker (or cracker) tries to edit the source code of an app and let you install the modified app in your phone, Android will tell you that it can’t verify the app. This makes you worry and abort the installation.
Using the Android Master Key, the source code of an app can be changed but not its signature. You will never notice anything strange with it during installation.
How the Android Master Key Bug Might be Exploited
Since the Android Master Key Bug allows anyone to completely control your Android device, it can used to retrieve your email address and password. They can then use it to access your bank account or hosting account.
The Master Key bug can also be used to retrieve phone numbers, SMS, pictures and videos from your phone. It can even grant someone to take pictures or videos and make phone calls and send SMS.
The most feared effect of the Master Key bug might be the prospect of creating a botnet. The hacker can use your phones without your knowledge to perform illegal tasks. This can include taking down a website using DDOS attack.
