Tuesday 28 July 2015

Android Phones Can Be Hacked With Just A Text Message

Android Phones Can Be Hacked With Just A Text Message

Yes, you heard it right!

About 990 Million Android Phones could be hacked with just a simple text. This is one of the biggest smartphone flaw ever found.

A Security Research Company ‘Zimperium’ claims to have found a bug to tap into the world’s most popular mobile platform. This hack relies on flaw found in Stagefright, a core android component and a media playback service that’s built into Android which is used to process, record and play the multimedia files.

This security hole puts 990 million Android devices at risk. And that is truly a huge number of smartphones. In 2014, more than 1 billion Android phones shipped throughout the world, in accordance with Researcher Strategy Analytics, which expects the number to go up in 2015 and beyond. Zimperium termed Stagefright the "Mother of all Android vulnerabilities". In this attack, the victim would not need to do any mistake like opening an attachment or download a file that's corrupt. The malicious code would take over instantly, the moment you receive a text message. You may not even see anything.

Once the attackers get in, Drake says, they would be able to do anything — may be copy or delete the data, take the control of your camera and microphone to monitor your every move. "It's really up to their imagination what they do once they get in," he said.

Joshua Drake, VP of platform research and exploitation of a mobile security firm Zimperium, reported the flaw to Google earlier this year, but he said that most manufacturers have not made fixes available to the user base till date. 

All the bugs are provided with CVE numbers, used to identify the severe vulnerabilities. They include CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829. When the disclosure lands today, security researchers and attackers could have enough information to get cracking on exploits. Manufacturers have been requested to bring in patches as soon as possible to protect their consumers against this malicious flaw.

Even more information will be disclosed by Drake who deserves much credit for his work in addressing and fixing the issues, in full at the Black Hat and Defcon security events going to taking place in Las Vegas next week.


Post a Comment

Note: only a member of this blog may post a comment.

Toggle Footer