Skip to main content

Researchers find vulnerability that affects 95% of Android devices

Lollipop Forest Google Android
Image Credit: Google
Update: This article has been updated with a comment from Google. 
Researchers have found a vulnerability in Android devices that allows hackers to access a device remotely without the owner ever knowing it was compromised. The flaw affects roughly 95 percent of Android devices running operating system version 2.2 to 5.1, according to cybersecurity firm Zimperium.
At fault is a media library (used to process media files) called Stagefright.Zimperium says it found multiple vulnerabilities in the framework. The company plans to present its research at the Black Hat 2015 security conference and at the hacking conference Def Con in August.
Using a person’s telephone number, hackers can send a media file via MMS that gives them entry into a device. What’s more, the owner of the device may never know. Hackers could conceivably send the trojan file while the device’s owner is sleeping, get access to their phone, and then delete any evidence the phone was hacked. Once the exploit is completed, a hacker can remotely operate a phone’s microphone, steal files, read emails, and get personal credentials.
“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone,” says Zimperium chief technology officer Zuk Avraham.
Though Google has applied patches to Android Open Source Project, Zimperium says device owners should be proactive in updating their phones. Android owners can reach out to their telecom providers and device manufacturers to ensure their phones get the update.
Those with Silent Circle’s Blackphone running PrivatOS version 1.1.7 are already protected against the Stagefright vulnerability.
In a statement shared with VentureBeat, Google thanked the lead researcher who found the Stagefright vulnerability, Joshua Drake, and noted that most Android devices have technology in place to deter exploitation. You can read the full comment below.

Comments

Popular posts from this blog

Shatterproof screens to protect smartphones

Polymer scientists at the University of Akron in Ohio have developed a transparent electrode that could change the face of smartphones, literally, by making their displays shatterproof. In a recently published paper, researchers show how a transparent layer of nanowire-based electrodes on a polymer surface could be extraordinarily tough and flexible, withstanding repeated scotch tape peeling and bending tests. This could revolutionise and replace conventional touchscreens, according to Yu Zhu, UA assistant professor of polymer science. Currently used coatings made of indium tin oxide (ITO) are more brittle, most likely to shatter, and increasingly costly to manufacture. “These two pronounced factors drive the need to substitute ITO with a cost-effective and flexible conductive transparent film,” Zhu says, adding that the new film provides the same degree of transparency as ITO, yet offers greater conductivity. The novel film retains its shape and functionality after tests i...

Get 56GB of free cloud storage in one folder!

Bring Your Box, Dropbox, Google Drive, & OneDrive All Together In One Folder With odrive! Dropbox gives you up to 16GB free.  Google Drive & Gmail give you 15GB. OneDrive gives you 15GB. Box gives you 10GB. odrive brings all your cloud storage apps together in one folder right on your desktop. Just link your Dropbox, Google Drive, Gmail, Box, and OneDrive accounts to odrive and instantly get all your files scattered everywhere in one place! You can even link multiple accounts from each app to get even more! 1. Install odrive. DOWNLOAD It's free! And available for Windows & Mac :) 3.Get all your stuff! 2. Link all your cloud storage accounts. Note:  This gives odrive permission to download your files for you. odrive doesn't store anything, we promise! OXYGEN CLOUD, INC., 1600 SEAPORT BLVD, REDWOOD CITY, CA, 94063, UNITED  ...

So, when will your device actually get Android Oreo?

Google officially just took the wraps off of Android Oreo, but there are still some questions left to be answered — most notably, precisely when each device will be getting the latest version of the mobile operating system. Due to Android’s openness and a variety of different factors on the manufacturing side, it’s not an easy question to answer, but we’ll break it down best we can. First the good news: If your device was enrolled in the Android Beta Program, you’ll be getting your hands on the final version of the software “soon,” according to Google. Exactly what that means remains to be seen, but rest assured that you’ll be one of of the first people outside of Google to take advantage of picture-in-picture, notification dots and the like. No big surprise, Google handsets will be the first non-beta phones to get the update. The Pixel, Nexus 5X and 6P are at the top of the list, alongside Pixel C tablet and ASUS’s Nexus Player set-top box, which will be receiving the upgrade i...

The Withings Go Is A Cheap Little Activity Tracker

Withings  has one more thing up its sleeve, a new activity tracker. This isn’t a new version of the  Pulse  or Activité. This is a brand new activity tracker. And the best part is that it only costs $69. The Withings Go uses an always-on E Ink display like the one on your Kindle or original Pebble. It’s very power efficient but it’s also a black and white display. But the good thing about this kind of display is that the Withings Go uses a button cell battery and the battery lasts 8 months. This new device tracks your steps, distance, running activity and swimming activity. You can also use it to track your sleep cycles. Compared to other entry-level activity trackers, you can do quite a lot. You don’t have to switch between activities — the device switches automatically. And of course, you can get your data in the Withings Health Mate app on iOS and Android. The Withings Go will be available in Q1 2016. Now the question is whether people want ...

Where does Blue Apron go after Amazon wraps up its Whole Foods deal?

Last week, Amazon said that its massive $13.7 billion deal to acquire Whole Foods is wrapping up on Monday — giving it access to one of the strongest food brands in the United States, as well as hundreds of grocery stores in metropolitan areas. That means it’s going to be easier and easier for people to get access to great ingredients, and there’s been a continued trickle of suggestions that Amazon will be gunning for a massive business that helped Blue Apron go public — a trickle that has since tempered Wall Street’s appetite for that business. All this raises a ton of questions as to what the future of Blue Apron is as Amazon looks primed to bulldoze into its territory in a very Amazon move. But as the specter of Amazon getting into meal-kit delivery looms, let’s review really quickly what Blue Apron has going for it: It has a strong brand in meal-kit delivery. The company wouldn’t have been able to go public, much less sustain unicorn status even as its stock continues to plumme...