Trustlook First to Demonstrate Newly Found Android Signature Verification Vulnerability and Its Exploitation


SAN JOSE, CA--(Marketwired - September 10, 2015) - After demonstrating the "Master Key" and "FakeID" vulnerabilities, Trustlook, Inc., an innovator in next generation mobile security solutions, today demonstrated a newly found major vulnerability in Android signature verification, first discovered by Alibaba's security team and disclosed at the BlackHat Mobile Security Summit 2015. The new way to exploit this vulnerability is "to kill with a borrowed sword": manipulating antivirus software into removing innocent target applications. The technique has hit most signature-based AV software, and innocent Android application developers, hard.

To ensure an application's integrity and traceability, Android requires that every app be signed with the developer's private key so that unauthorized changes to the package are detected. Because of this signature verification vulnerability, however, any file whose name ends in .SF, .DSA, .RSA or .EC, and any file inside the META-INF folder, is ignored when the signature is verified. That gives attackers a chance to put arbitrary files into a package without breaking signature verification: the app still installs as the genuine, signed app, while the smuggled files are what a signature-based antivirus engine then matches on.
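The following script is an added example, not code from Trustlook or Alibaba, showing how a practitioner can audit an APK for exactly this gap in v1 (JAR-style) signature coverage. It parses META-INF/MANIFEST.MF, checks the digest of every entry the manifest covers, and lists entries the manifest does not cover, separating those the verifier would silently skip (under META-INF/, or ending in .SF/.DSA/.RSA/.EC, as described above; case-insensitive matching is an assumption of the example) from those that would fail verification. The sample APK, its two smuggled entries and the tamper case are constructed in memory; the certificate block is a placeholder and is not parsed, so this checks manifest coverage and digests, not the signature itself.

```python
import base64
import hashlib
import io
import zipfile

# Per the description above, a v1 verifier ignores these names entirely.
# Case-insensitive suffix matching is an assumption of this example.
SKIPPED_SUFFIXES = (".SF", ".DSA", ".RSA", ".EC")


def parse_manifest(text):
    """Return {entry name: {header: value}} for the per-file sections of MANIFEST.MF."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw.startswith(" ") and lines:   # JAR manifests wrap long lines with a leading space
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    sections, current = {}, None
    for line in lines:
        if not line:                        # a blank line ends the current section
            current = None
            continue
        key, _, value = line.partition(": ")
        if key == "Name":
            current = value
            sections[current] = {}
        elif current is not None:
            sections[current][key] = value
    return sections


def verifier_skips(name):
    """True if a v1 verifier, as described above, would not check this entry at all."""
    return name.startswith("META-INF/") or name.upper().endswith(SKIPPED_SUFFIXES)


def audit_apk(apk_bytes):
    """Classify every entry as ok, bad_digest, unverified (skipped) or uncovered."""
    report = {"ok": [], "bad_digest": [], "unverified": [], "uncovered": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode())
        # Legitimate signature files are META-INF/<stem>.SF plus META-INF/<stem>.(RSA|DSA|EC).
        stems = {n[9:-3] for n in names if n.startswith("META-INF/") and n.upper().endswith(".SF")}
        for name in names:
            if name.endswith("/") or name == "META-INF/MANIFEST.MF":
                continue
            stem, _, ext = name[9:].rpartition(".") if name.startswith("META-INF/") else ("", "", "")
            if stem in stems and "." + ext.upper() in SKIPPED_SUFFIXES:
                continue                    # expected signature file, not a smuggled one
            section = manifest.get(name)
            if section is None:
                report["unverified" if verifier_skips(name) else "uncovered"].append(name)
                continue
            data = zf.read(name)
            ok = False
            for header, algo in (("SHA-256-Digest", "sha256"), ("SHA1-Digest", "sha1")):
                if header in section:
                    ok = hashlib.new(algo, data).digest() == base64.b64decode(section[header])
                    break
            report["ok" if ok else "bad_digest"].append(name)
    return report


def build_sample_apk():
    """Constructed sample: a 'signed' APK with two covered files plus two smuggled ones."""
    files = {
        "classes.dex": b"dex\n035\x00constructed-classes",
        "res/layout/main.xml": b"<constructed-layout/>",
    }
    manifest = "Manifest-Version: 1.0\r\nCreated-By: example (constructed)\r\n\r\n"
    for name, data in files.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        manifest += f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("META-INF/CERT.SF", "Signature-Version: 1.0\r\n")   # placeholder
        zf.writestr("META-INF/CERT.RSA", b"\x30\x82placeholder-pkcs7")   # placeholder
        for name, data in files.items():
            zf.writestr(name, data)
        # Smuggled entries: neither is in the manifest, neither breaks v1 verification.
        zf.writestr("META-INF/payload.bin", b"constructed-malicious-bytes")
        zf.writestr("assets/loader.RSA", b"constructed-malicious-bytes")
    return buf.getvalue()


def tamper(apk_bytes, name, new_data):
    """Rewrite one covered entry in place (constructed case for the digest check)."""
    src = zipfile.ZipFile(io.BytesIO(apk_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            dst.writestr(info.filename, new_data if info.filename == name else src.read(info.filename))
    return out.getvalue()


if __name__ == "__main__":
    apk = build_sample_apk()
    print(audit_apk(apk))
    print(audit_apk(tamper(apk, "classes.dex", b"patched")))
```

On the sample, the two smuggled entries land in `unverified` while every covered file passes, which is the condition the press release describes: the package installs as the genuine app, yet carries bytes the signer never covered. Changing a covered file instead moves it to `bad_digest`, the case the v1 scheme was designed to catch. On a real APK, anything in `unverified` that is not the expected .SF/.RSA pair deserves a look, and a scanner that hashes only whole packages or only signed entries will miss it.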

"So far, millions of innocent applications have been maliciously detected and removed by signature-based antivirus software," stated Tianfang Guo, Vulnerability Research Expert at Trustlook. "Not only heavily damaging developers' reputation, the exploitation of this vulnerability also influenced the operating conditions of the antivirus software to serve the attackers' own purpose." Trustlook also released a proof-of-concept video demonstrating the genuine 'Angry Birds 2' application being replaced by a repackaged app containing malware, which some antivirus software then identified as malware.

Trustlook's vulnerability research team is still working on this vulnerability. For updates, please refer to this technical blog. For protection, please refer to Trustlook Antivirus & Mobile Security.

About Trustlook, Inc.

Founded in 2013 and headquartered in Silicon Valley, Trustlook is a global leader in next-generation mobile security solutions. Trustlook pioneers and provides the first APT (advanced persistent threat) mobile security platform to detect and address zero-day and advanced malware. The Trustlook team consists of security industry veterans. For more information, please visit www.trustlook.com.

Contact Information:

Media Contact
Lori Zhang
Trustlook
(408) 658-0826
pr@trustlook.com
www.trustlook.com