Major Security Flaw Allows Android Phones To Get Hacked By A Single Text Message

29 Jul 2015 | Author: | No comments yet »

Android Stagefright bug: Phones and devices have ‘dangerous’ security flaw leaving 950m open to hacks.

SAN FRANCISCO (KPIX 5) — A major security flaw on Android phones let’s hackers break in with a single text message. Zimperium Mobile Security researchers have announced the discovery of a new weakness in Android that allows attackers to take control by using the multimedia messaging system.

Researchers at Zimperium have dubbed the attack “Stagefright” and claimed it could access 95 per cent of Android devices, an estimated 950 million around the world, although Google said no one had been affected. According to the Verge, the vulnerability called ‘Stagefright’ affects roughly 950 million Android devices worldwide, according to researcher estimates. Joshua Drake, the vice president of platform research and exploitation, said that a target’s mobile number is the only thing needed to launch the hack, which could theoretically hit anyone from government officials to company executives. According to mobile security firm Zimperium, hackers need only send the bug to a smartphone and they can take control of the device, and get access to personal information stored on the handset. “The attacker can send a specially crafted MMS file that is automatically parsed, and then the phone will be infected,” said CTO/Zimperium Founder Zuk Avraham. “It can also be triggered via other means like browsers — Chrome or Firefox — whenever you go to any website that has this specific vulnerability.” “The security of users is extremely important to us, so we’ve already responded quickly to this issue by sending the fix for all Android devices to our partners,” said a spokesperson.

Google already sent patches out to hardware partners and emphasized Android’s sandboxing technologies could prevent a catastrophe if your device is infected. Stagefright arrives in a modified file delivered in an unremarkable MMS, which can bypass Android security to execute remote code and potentially allow access to files, storage, cameras and microphones. “You will only see the notification.

Zimperium has not released all the details of the attack, but it appears to target how Android processes video, specifically in the phone’s MMS messaging capability. Zimperium has reported the problem to Google and provided the tech company with patches to prevent breaches. “Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that’s only the beginning of what will be a very lengthy process of update deployment,” Zimperium said. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. “This vulnerability can be triggered while you sleep. Unlike Apple, which controls the hardware and software on its iPhones, Google provides its latest version of Android to manufacturers who are then able to tweak it to their liking.

Once it takes hold, an attacker would gain the power to execute code remotely, compromising the phone’s microphone, cameras or any number of other core functions. This makes updating devices using the operating system a much greater challenge, and doesn’t guarantee that the patch will actually reach all Android users. A spokesperson for Google said: “This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. Often, manufacturers choose not to fix phones already sold because the company can save money by not providing updates, according to Collin Mulliner, a senior research scientist at Northeastern University. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users. “As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week.

Mulliner told NPR. “It’s ultimately the manufacturer of your phone, in combination possibly with your carrier.” Some manufacturers have taken months to issue critical patches in the past, according to Vice’s Motherboard blog. And “at times, for devices older than a year or 18 months, patches never come.” To find out what kind of risks your Android faces, Zimperium suggests that consumers “contact your device manufacturer and/or carrier to ascertain whether or not your particular device has been updated [with] the requisite patches.”

Here you can write a commentary on the recording "Major Security Flaw Allows Android Phones To Get Hacked By A Single Text Message".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site