Skip to main content

Researchers find vulnerability that affects 95% of Android devices

Image
By
Lollipop Forest Google Android
Image Credit: Google
Update: This article has been updated with a comment from Google. 
Researchers have found a vulnerability in Android devices that allows hackers to access a device remotely without the owner ever knowing it was compromised. The flaw affects roughly 95 percent of Android devices running operating system version 2.2 to 5.1, according to cybersecurity firm Zimperium.
At fault is a media library (used to process media files) called Stagefright.Zimperium says it found multiple vulnerabilities in the framework. The company plans to present its research at the Black Hat 2015 security conference and at the hacking conference Def Con in August.
Using a person’s telephone number, hackers can send a media file via MMS that gives them entry into a device. What’s more, the owner of the device may never know. Hackers could conceivably send the trojan file while the device’s owner is sleeping, get access to their phone, and then delete any evidence the phone was hacked. Once the exploit is completed, a hacker can remotely operate a phone’s microphone, steal files, read emails, and get personal credentials.
“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone,” says Zimperium chief technology officer Zuk Avraham.
Though Google has applied patches to Android Open Source Project, Zimperium says device owners should be proactive in updating their phones. Android owners can reach out to their telecom providers and device manufacturers to ensure their phones get the update.
Those with Silent Circle’s Blackphone running PrivatOS version 1.1.7 are already protected against the Stagefright vulnerability.
In a statement shared with VentureBeat, Google thanked the lead researcher who found the Stagefright vulnerability, Joshua Drake, and noted that most Android devices have technology in place to deter exploitation. You can read the full comment below.

Comments

Post a Comment

Popular posts from this blog

How ad-free subscriptions could solve Facebook

By
At the core of Facebook’s “well-being” problem is that its business is directly coupled with total time spent on its apps. The more hours you pass on the social network, the more ads you see and click, the more money it earns. That puts its plan to make using Facebook healthier at odds with its finances, restricting how far it’s willing to go to protect us from the harms of over use. The advertising-supported model comes with some big benefits, though. Facebook CEO Mark Zuckerberg has repeatedly said that “We will always keep Facebook a free service for everyone.” Ads lets Facebook remain free for those who don’t want to pay, and more importantly, for those around the world who couldn’t afford to. Ads pay for Facebook to keep the lights on, research and develop new technologies, and profit handsomely in a way that attracts top talent and further investment. More affluent users with more buying power in markets like the US, UK, and Canada command higher ad prices, effectively...
1 comment
Read more

Engineering against all odds, or how NYC’s subway will get wireless in the tunnels

By
Never ask a wireless engineer working on the NYC subway system “What can go wrong?” Flooding, ice, brake dust, and power outages relentlessly attack the network components. Rats — many, many rats — can eat power and fiber optic cables and bring down the whole system. Humans are no different, as their curiosity or malice strikes a blow against wireless hardware (literally and metaphorically). Serverless software deployment to the cloud, this is not. New York City officially got wireless service in every underground subway station a little more than a year ago, and I was curious what work went into the buildout of this system as well as how it will expand in the future. That curiosity is part of a series of articles I’ve written on an observed pattern known as cost disease, the massively inflating costs of basic human services like health care, housing, infrastructure, and education. The United States spends trillions of dollars on each of these fields, massively outspending sim...
Post a Comment
Read more

South Korea aims for startup gold

By
Back in 2011, when South Korea won its longshot bid to host the 2018 Winter Olympics, the country wasn’t widely recognized as a destination for ski and snow lovers. It wasn’t considered much of a tech startup hub either. Fast forward seven years and a lot has changed. For the next 10 days, the eyes of the world will be on the snowy slopes of PyeongChang. Meanwhile, a couple of hours away in Seoul, a burgeoning startup scene is seeing investments multiply, generating exits and even creating a unicorn or two. While South Korea doesn’t get a perfect score as a startup innovation hub, it has established itself as a serious contender. More than half a billion dollars annually has gone to seed through late-stage funding rounds for the past few years. During that time, at least two companies, e-commerce company Coupang and mobile-focused content and commerce company Yello Mobile, have established multi-billion-dollar valuations. To provide a broader picture of how South Korea stacks ...
Post a Comment
Read more

Trump cites Facebook exec’s comments downplaying Russian ad influence on election

By
You’d be forgiven for missing Donald Trump’s multiple retweets of Facebook executive Rob Goldman over the weekend. Perhaps you were spending time with family, watching Black Panther or just attempting to forget politics for a moment by ignoring the manic flurry of social media updates from the leader of the free world. But in amongst a deluge of tweets that blamed Democrats for failing to preserve DACA, called out the FBI over the recent school shooting in Florida on the FBI and affectionately referred to a member of congress as “Liddle’ Adam Schiff, the leakin’ monster of no control,” the President cited Facebook’s VP of Ads as evidence against claims that his campaign colluded with Russia. “The Fake News Media never fails,” Trump tweeted over the weekend. “Hard to ignore this fact from the Vice President of Facebook Ads, Rob Goldman!” Trump was citing Goldman’s own Twitter dump over the past week, responding to Special Counsel Robert Mueller’s recent indictment of 13 Russian...
Post a Comment
Read more

3D printing company New Matter is shutting down this month

By
Perhaps 2014 wasn’t the ideal time to get into the 3D printing game. After years of hype, the even the biggest names have been struggling to stay afloat. Pasadena startup New Matter is joining the growing list of companies who’ve unsuccessfully made a go at it, announcing that it will be closing up shop by the end of the month. It’s not for lacking of trying — and the company’s MOD-t printer was met with decent reviews when it launched in 2016. In his writeup, John praised the pricing ($300 or $400, depending on where you picked one up) and ease of use, though added cautiously, “you get what you pay for.” Initially funded on Indiegogo, the company went back to the crowdfunding well last year, this time taking to Kickstarter to pay for a Model 2. The project managed to exceed its goal in five days, but New Matter still pulled the plug. The company says it ultimately wanted to go back to the drawing board. “We have always strived to listen closely to our customers’ feedback, and...
Post a Comment
Read more