Android Security Flaw Allows Hackers To Create “Fake IDs”

A widespread vulnerability in Android’s systems could put you at risk.

Android Security Flaw Allows Hackers To Create “Fake IDs”
[Image: Flickr user Keera Russell]

A flaw in Google’s Android system may allow hackers to re-create trusted applications and load them with malware, posing numerous security risks.


Tech security firm Bluebox Security flagged Android’s “Fake ID” flaw today in a blog post:

Dubbed “Fake ID,” the vulnerability allows malicious applications to impersonate specially recognized trusted applications without any user notification. This can result in a wide spectrum of consequences. For example, the vulnerability can be used by malware to escape the normal application sandbox and take one or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM.

The problem Bluebox discovered is that Android fails to check the validity of certain applications, making it easy for hackers to access the application’s digital identity certificate and, essentially, forge it.

The “Fake ID” vulnerability affects Android systems 2.1 to 4.4. Read more about it here.

H/T Businessweek

About the author

KC works covers entertainment and pop culture for Fast Company. Previously, KC was part of the Emmy Award-winning team at "Good Morning America" where he was the social media producer.