




A new potential Android threat that could impact up to 900 million devices (or more) was discovered by BlueBox Security.


Read Article here

It seems that researchers (in work to be discussed at BlackHat 2013) have uncovered a way for a hacker to modify APK code and effectively turn an app into a trojan and/or a zombie application, without touching the cryptographic key for that application!

Now this is interesting to me. To install an app on a device, you have to cryptographically prove that it is a legit application, but the vulnerability doesn't mess with the key, only the APK code, so you have a serious situation here.

In doing some research at the end of last year and discussing this with colleagues, I interjected that if there was a way to ignore the key but change the code of the APK, then you would have a serious security vulnerability. I was laughed at and told I was barking up the wrong tree. Hmm, looks like if I went further with my idea instead of being shot down, I would have discovered this first. Hmm. Hope they are choking on their words now. lol.

The issue that I am getting at is that thinking outside the box, sometimes far outside the scope of normal, can produce some very interesting results. Given time, many of these outlandish thoughts and ideas can be used to create vulnerabilities in existing software or systems. I tip my hat to BlueBox for finding this and I frown on the naysayers.

Thinking and research such as that performed in this article far outshines any boxed thinking or rulesets. You can only mimic what is being taught to you. It's up to you to use some of this knowledge to create NEW strategies and directions and to forge NEW ideas and ways of thinking! Don't limit yourself to only what a professor knows. You may discover that they really don't know more than what they read in books and can't apply creative thinking to real-world situations.

Then again, isn't this "creative", "thinking outside the box" mentality what the true meaning of hacking is all about?


