The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge!

Android feels like Windows from the late ’90s and early 2000s all over again. What a mess.

I had the pleasure of hearing Adam Ely speak at RVAsec a few weeks ago. He’s a really bright guy and obviously his company, Bluebox, is doing some very important work.