Inside the Bluebox Android Master Key Vulnerability

Every security researcher dreams of the day they can find one master vulnerability that acts like a skeleton key to unlock an entire system. Jeff Forristal, aka Rain Forest Puppy, has found this kind of vulnerability in Android, the wildly popular mobile operating system.

The vulnerability involves a feature that is intended to actually help secure Android. The problem resides in how Android verifies JAR/ZIP/APK files, which run on Android devices.