Northeastern University and Duo Security Collaborate to Fix Critical “Master Key” Android Vulnerabilities

Researchers from Northeastern University’s System Security Lab (NEU SecLab) and Duo Security, a cloud-based two-factor authentication company, announced today the release of a mobile application called “ReKey” that fixes the critical “Master Key” vulnerabilities in Google’s Android mobile platform that enable attackers to take full control of a user’s mobile device.

With ReKey, Android users are able to immediately protect their Android phone from the “Master Key” vulnerabilities, without waiting on security updates from their mobile carrier. The ReKey app release is the result of an ongoing research collaboration between Northeastern and Duo.

“ReKey is the latest of our research projects designed to make the Internet a safer place,” said Collin Mulliner, a postdoctoral researcher at NEU SecLab. “We hope that ReKey will provide a practical tool for users to protect themselves and, at the same time, raise awareness of the challenges in the mobile security space.”

Previous research from Duo Security’s DARPA-funded X-Ray project demonstrated that Android users may be exposed by unpatched security weaknesses for months and even years. Last year, Duo reported that over 50% of Android devices worldwide have unpatched vulnerabilities. With the recently-disclosed vulnerabilities, that number will spike to nearly 100% until carriers are able to adequately patch their subscribers’ devices.

“The security of Android devices worldwide is paralyzed by the slow patching practices of mobile carriers and other parties in the Android ecosystem,” said Jon Oberheide, CTO of Duo Security. “We are excited to bring forward innovative technology like ReKey that puts security controls back into the hands of users and enterprises.“

For more information about ReKey, visit http://rekey.io. For more information about X-Ray, visit http://xray.io.

About Northeastern University Systems Security Lab

The Systems Security Lab at Northeastern University (NEU SecLab) has a focus on practical security research, and is active in a number of areas spanning systems and network security. Particular research interests include mobile security, web security, security applications of program analysis, botnets, and malware. SecLab researches tools and techniques for making the Internet a safer place. For more information about NEU SecLab, visit http://seclab.ccs.neu.edu.

About Duo Security

Duo Security is the easiest two-factor authentication service to deploy, administer, and use. Duo’s service can be set up in as little as 15 minutes, and used immediately by anyone with a phone. Over 1,000 organizations in over 80 countries rely upon Duo to prevent online account takeover and data theft. Backed by Google Ventures and True Ventures, Duo has been deployed by some of the most security-conscious organizations on the planet along with 3 of the top 5 social networks. Learn more and try it for free at http://www.duosecurity.com.

Article from CNBC.com