'Master key' to Android phones uncovered
A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.
The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.
The loophole has been present in every version of the Android operating system released since 2009.
Google said it currently had no comment to make on BlueBox's discovery.
The bug emerges because of the way Android handles cryptographic verification of the programs installed on the phone.
Android uses the cryptographic signature as a way to check that an app or program is legitimate and to ensure it has not been tampered with. Mr Forristal and his colleagues have found a method of tricking the way Android checks these signatures so malicious changes to apps go unnoticed.