Researchers find vulnerability that affects 95% of Android devices

Image Credit: Google

Update: This article has been updated with a comment from Google.

Researchers have found a vulnerability in Android devices that allows hackers to access a device remotely without the owner ever knowing it was compromised. The flaw affects roughly 95 percent of Android devices running operating system version 2.2 to 5.1, according to cybersecurity firm Zimperium.

At fault is a media library (used to process media files) called Stagefright.Zimperium says it found multiple vulnerabilities in the framework. The company plans to present its research at the Black Hat 2015 security conference and at the hacking conference Def Con in August.

Using a person’s telephone number, hackers can send a media file via MMS that gives them entry into a device. What’s more, the owner of the device may never know. Hackers could conceivably send the trojan file while the device’s owner is sleeping, get access to their phone, and then delete any evidence the phone was hacked. Once the exploit is completed, a hacker can remotely operate a phone’s microphone, steal files, read emails, and get personal credentials.

“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone,” says Zimperium chief technology officer Zuk Avraham.

Though Google has applied patches to Android Open Source Project, Zimperium says device owners should be proactive in updating their phones. Android owners can reach out to their telecom providers and device manufacturers to ensure their phones get the update.

Those with Silent Circle’s Blackphone running PrivatOS version 1.1.7 are already protected against the Stagefright vulnerability.

In a statement shared with VentureBeat, Google thanked the lead researcher who found the Stagefright vulnerability, Joshua Drake, and noted that most Android devices have technology in place to deter exploitation. You can read the full comment below.

Comments

The 7 Best Mockup Tools for App Entrepreneurs

The 7 Best Mockup Tools for App Entrepreneurs When you want to create the greatest possible mobile app that you can build, you likely already realize that you’ll need a strong foundation to start with. Building an exceptional mobile app isn’t so different from crafting a luxury home in this respect. It all begins with the blueprint, base and groundwork. In the case of mobile, you’ll need a strong and durable mockup before you even consider putting your development team to work. Thankfully, app entrepreneurs have been gifted with an abundance of options to choose from when it comes to selecting a top-quality mockup tool to use. And there’s absolutely nothing wrong with performing your initial mockups on paper. Don’t let anyone tell you otherwise. There’s even something special about telling a friend your spontaneous new app idea, while immediately sketching out its wireframe on notebook paper. But, we’ve put together a list of The 7 Best Mockup Tools for App Entrepren...

How ad-free subscriptions could solve Facebook

At the core of Facebook’s “well-being” problem is that its business is directly coupled with total time spent on its apps. The more hours you pass on the social network, the more ads you see and click, the more money it earns. That puts its plan to make using Facebook healthier at odds with its finances, restricting how far it’s willing to go to protect us from the harms of over use. The advertising-supported model comes with some big benefits, though. Facebook CEO Mark Zuckerberg has repeatedly said that “We will always keep Facebook a free service for everyone.” Ads lets Facebook remain free for those who don’t want to pay, and more importantly, for those around the world who couldn’t afford to. Ads pay for Facebook to keep the lights on, research and develop new technologies, and profit handsomely in a way that attracts top talent and further investment. More affluent users with more buying power in markets like the US, UK, and Canada command higher ad prices, effectively...

eGym raises $45M Series C for cloud-connected gym equipment and fitness software

eGym , the Munich-based startup that offers cloud-connected gym equipment and supporting cloud software and app for the fitness training floor, has closed $45 million in Series C funding. The round was led by new investor HPE Growth Capital, while existing investors, including Highland Europe, also participated. The problem that eGym is looking to solve is that, whilst gyms have moved from a bodybuilder market to a mass market in the last 20 years, the technology in gyms lags behind. That’s despite the fact that better use of technology can help to reduce customer churn, the biggest pain-point of both gym operator and gym users. Comprising of an app for both gym user and trainer, combined with the company’s connected strength machines, the eGym Cloud makes it possible for gym members to receive better fitness instruction and an evolving and personalised fitness plan based on data collected as they workout. And by providing a better workout feedback loop, gym goers can get an i...

NVBOTS Wants To Make 3D Printers As Easy As Toasters

Right now 3D printing curriculums, if they exist, are fairly sparse. Putting a two thousand dollar machine in front of a grade schooler usually ends up in a lot of 3D printed Yoda heads and not much education while the learning curve for most 3D design tools is steep. That’s what the founders of NVBOTS, AJ Perez, Forrest Pieper, Christopher Haid, and Mateo Peña Doll, are looking to solve. Their product, the NVPRO , is a 3D printer with a few interesting features. The two most interesting are the automatic removal system which pops parts off of the build plate when they are done and a built-in print server that allows you to print from any device. This means you can run large batches of prints from different users with each part popping off as its printed. This means a class of students can send jobs to a printer and then pick them up just as they would a laser printer. The printer also supports a central “admin” who can check jobs before they are printed as and offers a ...

Windows 10 for phones will be released on this Friday

Microsoft's head of the Windows Insider program, Gabe Aul, has announced today on Windows Weekly that they will release a new build of Windows 10 for phones on Friday at 10 AM PT. Windows 10 release date A few weeks back, the company announced a new list of supported devices for the next release but for the version that will be released on Friday, the Lumia Icon and Lumia 930 will not be supported. Gabe said during the announcement that it came down to the new UI being too small on these devices and as such, will not be included in this release. List of supported devices Lumia 1020 Lumia 1320 Lumia 1520 Lumia 520 Lumia 525 Lumia 526 Lumia 530 Lumia 530 Dual Sim Lumia 535 Lumia 620 Lumia 625 Lumia 630 Lumia 630 Dual Sim Lumia 635 Lumia 636 Lumia 638 Lumia 720 Lumia 730 Lumia 730 Dual SIM Lumia 735 Lumia 810 Lumia 820 Lumia 822 Lumia 830 Lumia 920 Lumia 925 Lumia 928 Lumia ICON Microsoft Lumia 430 Microsoft Lumia 435 Microsoft Lumia 435 Dual SIM Microsoft Lumia 435 Dual ...

Exciting Technology

Search This Blog