There may be many ways to root an Android phone, but there's allegedly one root to rule them all. At this year's Black Hat USA 2013 conference, security researcher Jeff Forristal will detail how to gain system access and control on nearly any Android device. The bug was disclosed back in February, and Google presumably has worked to patch the vulnerability in the months since, so don't get too excited.

Fullscreen capture 5302013 32047 PM.bmp

Forristal claims he can modify APKs without having to re-sign them. This means someone with ill intentions could install malicious code masked as a legit app, or they could update existing apps without needing the signing key, compromising apps users naturally assume are safe. Forristal asserts that it's then a simple step to gain root access. When he first became aware of the vulnerability, it was executable across a large number of Android devices, generations, and architectures with minimal alteration. The diversity in the Android ecosystem puts a damper on a lot of things, but apparently not this.

Forristal works with Bluebox Security and is a recognized expert in the industry. He publicized the first responsible security policy and the first SQL injection. His talk will be one of many at this year's Black Hat conference, which will take place in Las Vegas from July 27 to August 1. Hit up the source link for a full schedule of events.

Source: Black Hat USA 2013