Those with Android devices are at risk of losing their data to hackers

900 million Android devices are at risk from a bug that allows hackers to hijack phones and steal data. A ‘master key’ that could give hackers complete access to mobile phones and tablets running Google’s Android software has been revealed. This Bug allows hackers to steal data, listen in to calls or send junk email and text messages. It takes advantage of the Android handles cryptographic verification of the apps installed on the phone.

Android uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with.

Researchers say the loophole has been present since 2009, and claims 900 million devices are at risk.

Jeff Forristal of Bluebox, the firm which uncovered the key, said the implications of the discovery were ‘huge’. The Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed.

Forristal said the firm made Google aware of its finding in February. However, the firm did not respond to Mail Online’s request for a comment.

Forristal is planning to reveal more information about the problem at the Black Hat hacker conference being held in August this year, and said the bug could have huge implications for firms who allow people to connect their Android phones and tablet to secure company networks.

He confirmed that one third party device, the Samsung Galaxy S4, already has a fix for the flaw, but that Google’s own Nexus handset did not.

However, experts say that there is currently no evidence that the flaw has been exploited.

ANOTHER ANDROID TROJAN COMES IN PIRATED JAY Z APP

McAfee Mobile Security has identified a new Android Trojan embedded in a pirated copy of an exclusive app from rapper Jay Z.

On the surface, the malware app functions identically to the legitimate app. However, in the background, the malware sends info about the infected device to an external server every time the phone restarts.

The malware then attempts to download and install additional packages

The only visible indication that a user is infected comes via a time-based trigger that is set to activate on 4th July, Independence Day in the US

On that day, the malware will replace the wallpaper on the infected device with an altered image of President Obama that comments on recent events in the US

The security company thinks that there is an agenda behind the Trojan but has not ruled out the possibility that additional malware may target financial transactions or other data.