There's A Terrifying Android Vulnerability That Could Let Hackers Completely Take Over Your Phone

REUTERSOne of the researches behind the discovery will be presenting his findings at a "Black Hat" talk.

Researchers from Bluebox Labs have discovered a terrifying Android vulnerability that lets malware take over your apps, steal their data, and essentially take full control of your phone, including the financial information you've saved in your Google Wallet.

Here's the basic idea: Every Android app has its own unique identity, and this particular vulnerability allows malware to copy that identity, so that it can impersonate your applications without you knowing. Bluebox researchers aptly nicknamed the vulnerability "Fake ID."

Worse, it affects almost all Android phones. Bluebox says the vulnerability dates back to the January 2010 release of Android 2.1 and affects all devices that are not patched for "Google bug 13678484," which was disclosed to Google and released for patching in April.

The root of this vulnerability lies in what's called a "certificate chain," in which encrypted certificates that verify the identities of Android apps can trust each other to communicate and share data. The vulnerability, however, makes it impossible to verify the authenticity of the certificate chain.

Bluebox outlined some of the implications of this exploit:

Bluebox Labs researcher Jeff Forristal said he will offer more technical details of the exploit, including how it was found, and how it works, during his talk at the Black Hat USA conference in Las Vegas, which begins Aug. 2.

If you use Android 4.4 (known as KitKat) or you recieved Google's April patch before your phone was attacked, you're safe.

Bluebox released a free security scanner that will let you know if your phone has been affected.