Crippling Android smartphones with text attack
In correspondence in April and May, he shared his findings with Google, which makes the Android operating system.
Researchers at mobile security company Zimperium have uncovered an issue in the Stagefright code that they believe to be one of the worst Android vulnerabilities to date.
In this attack, the target would not need to goof up by opening an attachment or downloading a corrupt file. Only older Android phones below version 2.2 are not affected, he added.
The targeted user does not even have to play the attached video which hides the malware for it to work.
So far, Zimperium told NPR, the flaw its team discovered has not been exploited, but in a blog post on its own website, the company said that 95 percent of Android devices worldwide are vulnerable. And that’s assuming that your phone is using a default messaging app. If your mobile phone is running Google’s Hangouts app, Drake asserts, you wouldn’t need to view the text for the malware to access your phone. For example, when the Hangouts app receives media files, it starts initial processing for filing them into the photo or video section of a user’s smartphone gallery.
Drake says, “We hope that members of the Android ecosystem will recognize the severity of these issues and take immediate action. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone”.
Drake said that, if exploited, the Stagefright bug could grant hackers a variety of powers over the victim device.
“We are yet to find any instances of Stagefright being exploited in the wild”, Drake told Business Insider.
Collin Mulliner, senior research scientist at Northeastern University, said in the interview, “In this case Google is not the actual one to blame”.
But it goes away very quickly, he says, when you look at how long it’ll take his Nexus, my Samsung Galaxy and your LG or ZTE to get those patches. Android’s allure for malicious hackers has everything to do with its popularity.
“The problem is that devices sold today have no warning system as to if they will ever be updated”, says Todd Beardsley, research manager at the security firm Rapid7. Currently, Google provides patches for the two most recent operating systems it still supports – KitKat and Lollipop.
While Zimperium says the risks are high for Stagefright to be exploited, and it’s possible that malicious hackers will soon take advantage of the flaw, Android device owners largely sidestep potential malware.
Although you may not have heard of it, Stagefright is at the heart of the Android operating system.
“Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more hard”.
If you can save money by not producing updates, you’re not going to do that.
But many manufacturers do not treat updates with urgency.
A Google spokeswoman didn’t say in a statement to CNET what vendors may be ready to update their devices or have plans to do so, but she did acknowledge that they are armed with the patches they need to safeguard devices.