
Major KeyStore security vulnerability threatens 86 percent of Android devices

Researchers at IBM have published a report detailing a serious vulnerability in the Android KeyStore, the service Google's Android OS uses to hold extremely sensitive material, that affects 86 percent of Android devices. An attacker who exploits the hole could read the secrets kept there, such as the cryptographic keys used by banking apps and virtual private networks, as well as the pattern sequences or PINs used to unlock the device.

According to the IBM report, the flaw is a stack-based buffer overflow in the KeyStore service, and Google fixed it only in Android 4.4 KitKat, leaving some 86.4 percent of Android devices, everything running an earlier version, exposed. On an unpatched device, an attacker who triggers the overflow can run malicious code that leaks the keys belonging to banking and other sensitive apps and can even unlock the unsuspecting victim's device.
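To make the bug class concrete, here is an added C sketch; it is not IBM's report, not Android's keystore source, and not an exploit, and the page gives no detail of where the real overflow sits. It models a daemon that turns an untrusted, client-supplied key name into a filename in a fixed-size stack buffer. The encoding rule (bytes outside the printable range expand to two bytes), the 255-byte buffer and all function names are assumptions for the example. The vulnerable form writes without checking how much room it has; the hardened form computes the required length first and rejects names that would not fit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative sketch of the bug class, not Android's keystore source.
 * A keystore daemon turns an untrusted, client-supplied key name into a
 * filesystem-safe filename. Bytes outside the printable range '0'..'~'
 * are expanded to two bytes, so the encoding can be longer than the input.
 * The encoding rule and the buffer size are assumptions for the example. */

#define FILENAME_BUF 255u   /* assumed size of the on-stack filename buffer */

/* Raw encoder: writes the expansion of in[0..len) plus a NUL into out and
 * returns the number of bytes written before the NUL. It trusts the caller
 * to have room. Calling it directly on a fixed-size stack buffer with a
 * client-controlled name is the stack-based buffer overflow: a name longer
 * than the buffer overwrites whatever sits above it on the stack. */
static size_t encode_name_raw(char *out, const uint8_t *in, size_t len) {
    size_t written = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t c = in[i];
        if (c < '0' || c > '~') {
            out[written++] = (char)('+' + (c >> 6));     /* '+' .. '.' */
            out[written++] = (char)('0' + (c & 0x3F));   /* '0' .. 'o' */
        } else {
            out[written++] = (char)c;
        }
    }
    out[written] = '\0';
    return written;
}

/* Number of bytes the encoding of in[0..len) needs, excluding the NUL. */
size_t encoded_length(const uint8_t *in, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (in[i] < '0' || in[i] > '~') ? 2u : 1u;
    return n;
}

/* VULNERABLE pattern: fixed stack buffer, unbounded write. It is never
 * called on hostile input in this file; it is here to show the shape. */
size_t build_filename_vulnerable(const uint8_t *name, size_t len) {
    char filename[FILENAME_BUF];
    return encode_name_raw(filename, name, len);   /* no length check at all */
}

/* HARDENED: compute the required size first and reject the name if the
 * encoding plus its NUL will not fit. Returns the encoded length, or -1. */
long encode_name_bounded(char *out, size_t out_size,
                         const uint8_t *in, size_t len) {
    if (out == NULL || (in == NULL && len != 0)) return -1;
    size_t need = encoded_length(in, len);
    if (need >= out_size) return -1;   /* i.e. need + 1 > out_size, no wraparound */
    return (long)encode_name_raw(out, in, len);
}

long build_filename_hardened(const uint8_t *name, size_t len) {
    char filename[FILENAME_BUF];
    return encode_name_bounded(filename, sizeof filename, name, len);
}

int main(void) {
    /* Constructed inputs: a benign name and a hostile one that expands to
     * 600 bytes, more than double the 255-byte buffer. */
    const uint8_t benign[] = { 'b', 'a', 'n', 'k', 0xFF, 0x01 };
    uint8_t hostile[300];
    memset(hostile, 0xFF, sizeof hostile);

    char out[FILENAME_BUF];
    long n = encode_name_bounded(out, sizeof out, benign, sizeof benign);
    printf("benign -> %ld bytes: %s\n", n, out);             /* 8 bytes: bank.o+1 */

    printf("hostile needs %zu bytes, hardened result: %ld\n",
           encoded_length(hostile, sizeof hostile),
           build_filename_hardened(hostile, sizeof hostile)); /* 600, -1 */
    /* build_filename_vulnerable(hostile, sizeof hostile) would write 600
     * bytes into a 255-byte stack buffer; deliberately not executed. */
    return 0;
}
```

The point of the hardened version is ordering: the size check runs before any byte is written, and it is expressed against the real output size (`out_size`), not the input length, because the encoding expands. A check on `len` alone would still let a short name full of high bytes overflow.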

The researchers discovered the flaw nine months ago and alerted Google. Their findings were published last week, after the Android Security Team had patched the issue in KitKat.

Although the KeyStore vulnerability is very serious, there is no sign that anyone has exploited it yet. As Ars Technica notes, an attacker has to clear several hurdles to reach the KeyStore.

Android has several exploit mitigations in front of the KeyStore. Data execution prevention (DEP) stops an attacker's injected bytes from running as code, and address space layout randomization (ASLR) hides the addresses a working exploit needs, so knowing about the overflow is not the same as having a reliable exploit for it. The attack also has to start from code already on the device: anyone targeting the KeyStore's vault of sensitive information must first get the victim to install a malicious app.

Google is presumably working on a fix for earlier versions of Android, but in the meantime, if your device isn't running KitKat, install only apps you trust completely and watch for any suspicious activity on your Android devices.


Malarie Gokey
Former Digital Trends Contributor