Skip to main content

Researchers find vulnerability that affects 95% of Android devices

Image
By
Lollipop Forest Google Android
Image Credit: Google
Update: This article has been updated with a comment from Google. 
Researchers have found a vulnerability in Android devices that allows hackers to access a device remotely without the owner ever knowing it was compromised. The flaw affects roughly 95 percent of Android devices running operating system version 2.2 to 5.1, according to cybersecurity firm Zimperium.
At fault is a media library (used to process media files) called Stagefright.Zimperium says it found multiple vulnerabilities in the framework. The company plans to present its research at the Black Hat 2015 security conference and at the hacking conference Def Con in August.
Using a person’s telephone number, hackers can send a media file via MMS that gives them entry into a device. What’s more, the owner of the device may never know. Hackers could conceivably send the trojan file while the device’s owner is sleeping, get access to their phone, and then delete any evidence the phone was hacked. Once the exploit is completed, a hacker can remotely operate a phone’s microphone, steal files, read emails, and get personal credentials.
“These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone,” says Zimperium chief technology officer Zuk Avraham.
Though Google has applied patches to Android Open Source Project, Zimperium says device owners should be proactive in updating their phones. Android owners can reach out to their telecom providers and device manufacturers to ensure their phones get the update.
Those with Silent Circle’s Blackphone running PrivatOS version 1.1.7 are already protected against the Stagefright vulnerability.
In a statement shared with VentureBeat, Google thanked the lead researcher who found the Stagefright vulnerability, Joshua Drake, and noted that most Android devices have technology in place to deter exploitation. You can read the full comment below.

Comments

Post a Comment

Popular posts from this blog

Best Web Design Company in Pondicherry

By
#Technology    has two faces. We all feel it, but sometimes can’t find words to describe it.  #Ebooks    are the best example to show the 0-1 nature of emotions the  #technology  evokes. #itwhere    provide a  #Best     #solutions    to  #Growyourbusiness    feel free to drop a  #Mail    info@itwheretech.co.in www.itwheretech.co.in 
5 comments
Read more

Phoenix OS is (another) Android-as-a-desktop

By
Google Android may have been developed as a smartphone operating system (and later ported to tablets, TVs, watches, and other platforms), but over the past few years we’ve seen a number of attempts to turn it into a desktop operating system. One of the most successful has been  Remix OS , which gives Android a taskbar, start menu, and an excellent window management system. The Remix OS team has also generated a lot of buzz over the past year, and this week the operating system gained a lot of new alpha testers thanks to a  downloadable version of Remix OS  that you can run on many recent desktop or notebook computers. But Remix OS isn’t the only game in town.  Phoenix OS  is another Android-as-desktop operating system, and while it’s still pretty rough around the edges, there are a few features that could make it a better option for some testers. Some background I first discovered Phoenix OS from  a post in the Remix OS Google Group , although I’ve also found mentions of th
3 comments
Read more

South Korea aims for startup gold

By
Back in 2011, when South Korea won its longshot bid to host the 2018 Winter Olympics, the country wasn’t widely recognized as a destination for ski and snow lovers. It wasn’t considered much of a tech startup hub either. Fast forward seven years and a lot has changed. For the next 10 days, the eyes of the world will be on the snowy slopes of PyeongChang. Meanwhile, a couple of hours away in Seoul, a burgeoning startup scene is seeing investments multiply, generating exits and even creating a unicorn or two. While South Korea doesn’t get a perfect score as a startup innovation hub, it has established itself as a serious contender. More than half a billion dollars annually has gone to seed through late-stage funding rounds for the past few years. During that time, at least two companies, e-commerce company Coupang and mobile-focused content and commerce company Yello Mobile, have established multi-billion-dollar valuations. To provide a broader picture of how South Korea stacks
Post a Comment
Read more

So, when will your device actually get Android Oreo?

By
Google officially just took the wraps off of Android Oreo, but there are still some questions left to be answered — most notably, precisely when each device will be getting the latest version of the mobile operating system. Due to Android’s openness and a variety of different factors on the manufacturing side, it’s not an easy question to answer, but we’ll break it down best we can. First the good news: If your device was enrolled in the Android Beta Program, you’ll be getting your hands on the final version of the software “soon,” according to Google. Exactly what that means remains to be seen, but rest assured that you’ll be one of of the first people outside of Google to take advantage of picture-in-picture, notification dots and the like. No big surprise, Google handsets will be the first non-beta phones to get the update. The Pixel, Nexus 5X and 6P are at the top of the list, alongside Pixel C tablet and ASUS’s Nexus Player set-top box, which will be receiving the upgrade i
Post a Comment
Read more

Uber, Google and other tech employees form Coalition of Black Excellence

By
When black employee resource groups from a variety of tech companies come together, black magic happens. More specifically, black excellence happens. The Coalition of Black Excellence Week, spearheaded by Uber Litigation Counsel Angela Johnson in collaboration with black ERGs from over 40 tech companies like Facebook, Google, eBay, Lyft and Microsoft, kicks off this Monday in the San Francisco Yay (Bay) Area. The idea for CBE Week came in part from Johnson’s experiences living in Washington D.C., and being able to attend events put on by the Congressional Black Caucus, she told me at Uber’s headquarters this week. “When I moved out to the Bay Area, I really wished there were similar types of experiences for tech,” Johnson said. “And I thought if we could bring together different black ERGs, or diversity and inclusion committees, or people who were interested in some of the issues the black community is passionate about, a lot of positive change and impact could come from that.
Post a Comment
Read more