  Stagefright bug makes 95% of Android phones vulnerable to hacks July 28, 2015 - 14:20 AMT PanARMENIAN.Net - Six critical vulnerabilities have left 95% of Google Android phones open to an attack delivered by a simple multimedia text, a mobile security expert said, according to Forbes. In some cases, where phones parse the attack code prior to the message being opened, the exploits are silent and the user would have little chance of defending their data. The vulnerabilities are said to be the worst Android flaws ever uncovered, Forbes reports. Joshua Drake, from Zimperium zLabs said whilst Google has sent out patches to its partners, he believes most manufacturers have not made fixes available to protect their customers. “All devices should be assumed to be vulnerable,” Drake, vice president of platform research and exploitation at Zimperium, told Forbes. He believes as many as 950 million Android phones could be affected, going on figures suggesting there are just over 1 billion in use. Only Android phones below version 2.2 are not affected, he added. The weaknesses reside in Stagefright, a media playback tool in Android. They are all “remote code execution” bugs, allowing hackers to infiltrate devices and exfiltrate private data. All attackers would need to send out exploits with mobile phone numbers, Drake noted. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions. That would allow for recording of audio and video, and snooping on photos stored in SD cards. Bluetooth would also be hackable via Stagefright. Depending on the MMS application in use, the victim might never know they had even received a message. Drake found that when the exploit code was opened in Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”. It would be possible to delete the message before the user had been alerted too, making attacks completely silent, he added. Drake sent several vulnerability reports along with patches to Google on April 9. Just a day later, according to Drake, Google confirmed the patches were accepted and would be included in a future release. He reported a second set of issues to Google on May 4, and on May 8 Google confirmed patches were being scheduled. A total of seven vulnerabilities have fixes ready.  Top stories Yerevan will host the 2024 edition of the World Congress On Information Technology (WCIT). Rustam Badasyan said due to the lack of such regulation, the state budget is deprived of VAT revenues. Krisp’s smart noise suppression tech silences ambient sounds and isolates your voice for calls. Gurgen Khachatryan claimed that the "illegalities have been taking place in 2020."   Partner news Most popular in the section |  Latest news Erdogan wants “realistic road map” for relations with Armenia  Turkish President Recep Tayyip Erdogan has called for a “new realistic road map” for relations with Armenia.Armenia-Azerbaijan: Experts launch work on determining coordinates Expert groups from the countries started the process of determining the coordinates based on geodetic measurements.Yerevan says did not expect CSTO in peacekeeping role Pashinyan has declared that the CSTO would be expected to come to the Armenia-Azerbaijan border as an ally of ArmeniaHenrikh Mkhitaryan wins Serie A title with Inter Inter Milan midfielder Henrikh Mkhitaryan admits that the team have long been imagining clinching Serie A against AC Milan. |
