Stagefright will scare the pants off Android users

Written by on July 28, 2015 in News with 0 Comments

Scaring the pants off youStagefright, believed to be the worst Android vulnerability discovered to date, exposes 95 percent of Android devices (an estimated 950 million of them) to external attack.

Joshua Drake from Zimperium zLabs, after “diving into the deepest corners of Android code,” found multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction.

In layman’s terms, attackers only need your mobile number, through which they can remotely execute code via a specially crafted media file delivered via MMS.

The Zimperium site states that, “a fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited.

Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

According to Zimperium, it not only reported the vulnerability to Google’s Android teams, but also submitted patches. Considering severity of the problem, Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that’s only the beginning of what will be a very lengthy process of update deployment.

More information is available at the Zimperium website.

Tags: , ,

About the Author

About the Author: From our press centre we select the top industry news stories from the leading online publications and wire services and bring them straight to you. .


If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.