Android 4.4 KitKat, the latest version of the mobile OS, hasn't reached many devices yet, though it is already available as part of the Android Open Source Project. Jay Freeman, a notable security researcher, has now revealed that Android 4.4 KitKat contains yet another Master Key vulnerability.
A number of Android Master Key vulnerabilities have been discovered in the past. The first of these came to light when it was discovered that hackers could easily modify any valid, legitimate app and then use it as a Trojan to compromise the security of a user who downloads that app.
That specific Master Key vulnerability was patched in later versions of Android. Google also took serious measures to mitigate the risk by blocking apps on the Google Play Store that may have been compromised through a Master Key vulnerability.
Jay Freeman, popularly known as Saurik, has now revealed that even the new Android 4.4 KitKat contains a critical Master Key vulnerability. Freeman wrote a proof-of-concept exploit for this vulnerability in Python, posted below.
The new vulnerability essentially allows a hacker to gain illegal entry into an Android device through a modified system APK. This is achieved by circumventing the need to furnish the right cryptographic key for a given app. The exploit allows a hacker to sneak malware onto an Android device, gaining access to the contents of the device as well as to critically important system permissions.
Courtesy: The Hacker News