Stagefright: Android phone flaw may let hackers in via text message

28 Jul 2015 | Author: | No comments yet »

Android Stagefright bug: Phones and devices have ‘dangerous’ security flaw leaving 950m open to hacks.

Researchers at Zimperium have dubbed the attack “Stagefright” and claimed it could access 95 per cent of Android devices, an estimated 950 million around the world, although Google said no one had been affected. MIAMI (CBSMiami) – A major security flaw involving Android cell phones or tablets has the potential of giving hackers access to hundreds of million of users’ personal data.Android Cyber security firm Zimperium on Monday warned of a flaw in the world’s most popular smartphone operating system that lets hackers take control with a text message. “Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message),” Zimperium Mobile Security said in a blog post.

Joshua Drake, the vice president of platform research and exploitation, said that a target’s mobile number is the only thing needed to launch the hack, which could theoretically hit anyone from government officials to company executives. That’s because there is reportedly a flaw on some Android devices that automatically downloads pictures, audio or video in text messages you receive. Zimperium zLabs has discovered a security bug what it calls to “be the worst Android vulnerabilities discovered to date.” The bug, named ‘Stagefright’, is actually a media library that processes several popular media formats. Stagefright arrives in a modified file delivered in an unremarkable MMS, which can bypass Android security to execute remote code and potentially allow access to files, storage, cameras and microphones. “You will only see the notification.

Since media processing is often time-sensitive, the library is implemented in native code (C++) that is more prone to memory corruption than memory-safe languages like Java. While Apple controls the hardware and software in iPhones, iPads, and iPods powered by its mobile operating system, Google makes Android available free to device makers who customize the code and update it as they see fit. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. “This vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.” Zimperium found that devices running Android versions 2.2 (Froyo) are after are vulnerable, especially those using anything older than 2012’s Jelly Bean (4.1).

Drake found multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction. A spokesperson for Google said: “This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. Some text messaging apps, like Google’s Hangouts, may read the video file before you open it and thereby infect you before you even know you got a text.

As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users. “As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. Verified email addresses: All users on Independent Media news sites are now required to have a verified email address before being allowed to comment on articles. Until then a South Florida cyber security expert says the best thing to do until the issue is resolved is not open text messages from unknown individuals. “If you don’t know where it’s coming from, don’t open it.

Considering severity of the problem, Google acted and applied the patches to internal code branches within 48 hours, but “unfortunately that’s only the beginning of what will be a very lengthy process of update deployment.”

Here you can write a commentary on the recording "Stagefright: Android phone flaw may let hackers in via text message".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site