Scan Your Device for the Android “Master Key” Vulnerability

Share on TwitterShare on LinkedInSubmit to reddit
+1Digg ThisShare via email

Written by Jeff Forristal, Bluebox CTO

We have released a free app to help consumers and enterprises manage the risk around the “Master Key” vulnerability I blogged about last week.  The Bluebox Security Scanner app produced by our research team allows you to directly check if your Android device has been patched for this vulnerability without the hassle of having to contact the device manufacturer or mobile carrier.  It will also scan devices to see if there are any malicious apps installed that take advantage of this vulnerability.  Once we discovered the bug we set out to create a tool to help individuals to evaluate their risk and that app is now available for free at both Google Play, Amazon AppStore for Android and GetJar: 

https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

http://www.amazon.com/Bluebox-Security-Scanner/dp/B00DU4AKZ8/ref=sr_1_1

http://getjar.com/mobile/782358/bluebox-scanner

The scanner will save you significant time and keep you from having to do the “leg work” to figure out if your device has been safely patched.  If your device has not been patched, it will provide you with the information you need to ask your device manufacturer when a fix will be available.

This free app also does a partial device integrity check by searching for malicious apps leveraging the “master key” vulnerability so you won’t have to purchase a mobile AV application just to check for malware leveraging this vulnerability.

Screenshots of the Free Bluebox Security Scanner

 scanner1 scanner2

Please share these links to the scanner with your peers so they can protect themselves as soon as possible. 

https://play.google.com/store/apps/details?id=com.bluebox.labs.onerootscanner

http://www.amazon.com/Bluebox-Security-Scanner/dp/B00DU4AKZ8/ref=sr_1_1

http://getjar.com/mobile/782358/bluebox-scanner

While highlighting vulnerabilities and scanning for exploits is not part of Bluebox’s core business.  We have identified issues like the “master key” vulnerability in the context of research around our product, yet to be announced [register for our private beta], that helps enterprises address the mobile security challenge.  When Bluebox announces its enterprise mobile security solution, it will continue to provide the market with free insights that help raise awareness of mobile security issues through our Bluebox research team.  Please continue to follow us @BlueboxSec.

Share on TwitterShare on LinkedInSubmit to reddit
+1Digg ThisShare via email
  0 COMMENTS
Corporate Blog

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>