Sunday, 2 October 2016

Android is on FIRE, A simple text message capable of hacking 950 million Android phones


The day reported of some real threatening news of a text message, crooked capable of hacking the entire phone and its content. This has put dark clouds on the Androidphones that are widely used today. These mobile devices are vulnerable to such hacks wherein a malformed message in form of a text appears on your phone’s screen and spreads the malicious code in your phone, as soon as you unlock the screen to check that text message.

It will also allure you and take you to some website that has a video, once you open that video that malicious code spreads in your phone. This is not a small deal, this malicious code can affect 950 million android phones.

Joshua Drake who is vice president of platform research and exploitation at well-known security firm   Zimperium briefed about the processing of this code inside the phone , he revealed code stays at the Stagefright  , it is a library which is used by different codes that takes various media formats.

This used of MMS is dreadful of all as it just needs to be send to a vulnerable Android phone number and this message will repeatedly execute that malicious code which is stored in library. This is so powerful that it can delete any text message the moment you receive a notification of text message received.

This is not like spear phishing in which victim would do some steps like opening a pdf or going to a link send by attacker, this virus will spread and will execute itself without leaving a trail of activities done on your phone and you will be losing out data slowly while living with a compromised phone.

This is not a small deal as it can affect more than 950 million phones available in Android. More on this Trojan attacks through code via Text message would be discussed at Black Hat’s Security conference at Las Vegas by Drake. The entire title of this discussion is Stagefright: Scary Code in the Heart of Android.

Vulnerability towards such Trojan attack increases after update of 2.2 or above, this is basically a bug which is still not patched creating dark clouds over 950 million Android devices. Most of the Android devices that receive regular security updates are also vulnerable to this dreadful Trojan attacks like Nexus 5. Mostly Android devices running on Jelly Bean are at great risk and require a major update.

Not just phones, this has affected the all Firefox platforms, this is majorly due to loop holes in StageFright and it has affected Firefox OS though developers have fixed upgraded versions after 38. With Firefox the Trojan gets into the system through an infected video that will get automatically downloaded by Firefox with specifications like width=”300″ height=”150″.

Security features of Android phone is much strict as it a sand box that prevents apps peeping in data used by other applications whereas the phones from world known companies like AT&T, Verizon, Sprint, T-Mobile are also vulnerable to threat of Trojan.

The worst case scenario would be a traojan uses all the resources of your phone like its camera feeds by getting access to its StageFright code. They try to skip and deceit sand box as explained by Drake. There are root exploits as well who help attackers in gaining a control over sand box thus making attackers have all the required access over phone, such roots are PingPongRoot, Towelroot, and put_user that makes a device at risk and weak.

Users safeguard them by installing the most updated version that is bug fixed and keeping a check on their phone settings. They can also disable automatic downloading of messages and other content into the phone through applications. We hope sooner we will receive a patch to permanently fix this bug till then we need to be extra cautious and try not to live with a trojaned phone. Google has appreciated Drake contribution in revealing and educating about this bug and its problems.




from WordPress http://ift.tt/2d5WBed
via IFTTT
Share:

0 comments:

Post a Comment