Bluebox releases free scanner for Android "master key" bug
Posted on 11 July 2013.
Bluebox Security, the mobile security startup that's "working to save the world from information thievery", has made a name for itself by finding and revealing the existence of an vulnerability that put 99 percent of all Android users in danger of unknowingly downloading malware.

This so-called "master key" bug allows attackers to modify the code of any app without breaking its cryptographic signature and makes it easy for them to substitute malicious apps with legitimate ones. The magnitude of the risk is big, especially now that proof-of-concept code for its exploitation has been published.

Bluebox has now made available an app called Bluebox Security Scanner that allows users to see whether their device is vulnerable to the bug.

Available for download from Google Play, Amazon AppStore for Android and GetJar, the app scans the users' device and tells them whether their Android installation has already been patched or still sports the vulnerability, whether their system settings allow non-Google Market application installs, and whether they have already installed one or more apps that take advantage of the flaw.

"The scanner will save you significant time and keep you from having to do the 'leg work' to figure out if your device has been safely patched," explaines Jeff Forristal, Bluebox CTO. "If your device has not been patched, it will provide you with the information you need to ask your device manufacturer when a fix will be available."

In the description of the app on Google Play the company has also warned users of Nexus devices that even though Google has given out the patch for the flaw to other vendors (Samsung, Sony, HTC, etc.), it has not yet issued updates for their own Nexus devices. "It is unknown why, but speculation is they don't want to do a 4.2.x patch update if 4.3 is coming out very soon," they said.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th