Skip to main content

Researchers find vulnerability that affects 95% of Android devices

Image
By
Lollipop Forest Google Android
Image Credit: Google
Update: This article has been updated with a comment from Google. 
Researchers have found a vulnerability in Android devices that allows hackers to access a device remotely without the owner ever knowing it was compromised. The flaw affects roughly 95 percent of Android devices running operating system version 2.2 to 5.1, according to cybersecurity firm Zimperium.
At fault is a media library (used to process media files) called Stagefright.Zimperium says it found multiple vulnerabilities in the framework. The company plans to present its research at the Black Hat 2015 security conference and at the hacking conference Def Con in August.
Using a person’s telephone number, hackers can send a media file via MMS that gives them entry into a device. What’s more, the owner of the device may never know. Hackers could conceivably send the trojan file while the device’s owner is sleeping, get access to their phone, and then delete any evidence the phone was hacked. Once the exploit is completed, a hacker can remotely operate a phone’s microphone, steal files, read emails, and get personal credentials.
“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone,” says Zimperium chief technology officer Zuk Avraham.
Though Google has applied patches to Android Open Source Project, Zimperium says device owners should be proactive in updating their phones. Android owners can reach out to their telecom providers and device manufacturers to ensure their phones get the update.
Those with Silent Circle’s Blackphone running PrivatOS version 1.1.7 are already protected against the Stagefright vulnerability.
In a statement shared with VentureBeat, Google thanked the lead researcher who found the Stagefright vulnerability, Joshua Drake, and noted that most Android devices have technology in place to deter exploitation. You can read the full comment below.

Comments

Post a Comment

Popular posts from this blog

Best Web Design Company in Pondicherry

By
#Technology    has two faces. We all feel it, but sometimes can’t find words to describe it.  #Ebooks    are the best example to show the 0-1 nature of emotions the  #technology  evokes. #itwhere    provide a  #Best     #solutions    to  #Growyourbusiness    feel free to drop a  #Mail    info@itwheretech.co.in www.itwheretech.co.in 
5 comments
Read more

South Korea aims for startup gold

By
Back in 2011, when South Korea won its longshot bid to host the 2018 Winter Olympics, the country wasn’t widely recognized as a destination for ski and snow lovers. It wasn’t considered much of a tech startup hub either. Fast forward seven years and a lot has changed. For the next 10 days, the eyes of the world will be on the snowy slopes of PyeongChang. Meanwhile, a couple of hours away in Seoul, a burgeoning startup scene is seeing investments multiply, generating exits and even creating a unicorn or two. While South Korea doesn’t get a perfect score as a startup innovation hub, it has established itself as a serious contender. More than half a billion dollars annually has gone to seed through late-stage funding rounds for the past few years. During that time, at least two companies, e-commerce company Coupang and mobile-focused content and commerce company Yello Mobile, have established multi-billion-dollar valuations. To provide a broader picture of how South Korea stacks ...
Post a Comment
Read more

Trump cites Facebook exec’s comments downplaying Russian ad influence on election

By
You’d be forgiven for missing Donald Trump’s multiple retweets of Facebook executive Rob Goldman over the weekend. Perhaps you were spending time with family, watching Black Panther or just attempting to forget politics for a moment by ignoring the manic flurry of social media updates from the leader of the free world. But in amongst a deluge of tweets that blamed Democrats for failing to preserve DACA, called out the FBI over the recent school shooting in Florida on the FBI and affectionately referred to a member of congress as “Liddle’ Adam Schiff, the leakin’ monster of no control,” the President cited Facebook’s VP of Ads as evidence against claims that his campaign colluded with Russia. “The Fake News Media never fails,” Trump tweeted over the weekend. “Hard to ignore this fact from the Vice President of Facebook Ads, Rob Goldman!” Trump was citing Goldman’s own Twitter dump over the past week, responding to Special Counsel Robert Mueller’s recent indictment of 13 Russian...
Post a Comment
Read more

Workato Chat Bot Brings Enterprise Workflow Into Slack

By
As we head into 2016, enterprise chat applications like  Slack  are suddenly a hot commodity, and if you’re inside chat a good portion of the day the argument goes, you should be able to access other work without leaving the chat client. This is exactly what  Workato’s  newly announced chat bot, Workbot, is designed to do. Chat bots are small programs that integrate with a chat platform and provide some advanced type of functionality in a fairly easy fashion. The new Workbot-chat bot enables users to access and control over 100 enterprise applications such as a Salesforce CRM record, Quickbooks accounting information or Zendesk customer service interactions directly inside of Slack. One of the primary issues with early Enterprise 2.0 tools was that they were just another application busy employees needed to pay attention to. The idea here is to give users customer information directly in the context of the discussion they may be having...
1 comment
Read more

Google Announces Android Wear Update With WiFi Support, Always-On Apps, And More

By
It has been a while since Android Wear got any substantial updates, but today Google is announcing a big one. A new version of Wear will be rolling out over the coming weeks that includes a number of previously rumored features (like WiFi support) and some all new stuff (like always-on apps). Most Wear devices use the always-on ambient mode for the watch face by default, the Moto 360 being a notable exception. The new Android Wear version allows apps to operate in ambient mode too, so they remain active when the watch goes to sleep. That makes it easier to take a quick glance at the app instead of waking the device up and opening the app all over again. The watch will still only go into full-color mode when necessary. WiFi support is also coming in the update, which means your watch can be useful even if your phone isn't connected. Watches with WiFi support will be able to connect to WiFi and still get messages and notifications from your phone, provided it has an interne...
Post a Comment
Read more