Solidot: Android漏洞允许攻击者修改代码但不改变签名

Solidot

奇客的资讯，重要的东西

Android漏洞允许攻击者修改代码但不改变签名
http://solidot.org.feedsportal.com/c/33236/f/556826/s/2e3bf32b/l/0L0Ssolidot0Borg0Cstory0Dsid0F35460A/story01.htm
Jul 5th 2013, 07:10

移动安全公司Bluebox Security的研究员声称发现了一个Android严重漏洞，这个漏洞允许攻击者修改应用程序的代码但不会改变其加密签名。所有Android应用都包含签名，Android根据签名判断其合法性或是否有没有被修改。如果能在不改变签名的情况下修改应用程序，骗过系统执行，意味着攻击者可以为所欲为，可以在代码中加入后门、按键记录程序或其它恶意功能。如果攻击者能修改重要的系统级应用如厂商预装的应用或可信任合作伙伴的应用，那么它可以完全控制受影响系统，将其变成僵尸手机。This entry passed through the Full-Text RSS service — if this is your content and you're reading it on someone else's site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers. Five Filters recommends: 'You Say What You Like, Because They Like What You Say' - http://www.medialens.org/index.php/alerts/alert-archive/alerts-2013/731-you-say-what-you-like-because-they-like-what-you-say.html



You are receiving this email because you subscribed to this feed at http://blogtrottr.com

If you no longer wish to receive these emails, you can unsubscribe here:
http://blogtrottr.com/unsubscribe/cz0/jPbdSR