A newly discovered Android security vulnerability is a major threat to over 95% of Android smartphone users. If you are among the Android 2.2 to 5.1 user base, you can count on your phone or device being susceptible to it. The discovery was made by the cyber security firm Zimperium, which has identified the media library (the part of the OS that handles media files) as the culprit. Zimperium has nicknamed the vulnerability Stagefright.
The company will present its findings at the Black Hat 2015 Security Conference, a renowned hacking conference scheduled to be held in August 2015. This is how the vulnerability works.
The hacker needs the victim’s telephone number to send a malicious media file through MMS, which gives the hacker easy access to the device. Once the exploit is embedded in the phone, the hacker can read communications, steal files and personal credentials, and even operate the phone’s microphone. Moreover, the hacker can delete all traces of the hack, making it practically untraceable.
According to Zimperium chief technology officer, Zuk Avraham, “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”
Even though Google applies patches to its OS through the Android Open Source Project (AOSP), Zimperium says that device owners should stay alert and always keep their phones updated. You can do this by reaching out to your device manufacturer (OEM) and making sure your phone is running the latest, secure version of the Android OS. This is a serious exploit that doesn’t require any interaction from the user. All it needs is a one-time interaction with your phone, and you could fall victim to it.
The threat has been assessed by Joshua Drake, a top Android researcher who is part of Zimperium’s zLabs team. He has called it the ‘Mother of all Android Vulnerabilities’. In short, if you are aware of the infamous Heartbleed bug that crippled SSL (Secure Sockets Layer) in 2014, this is a much worse threat.
Via VentureBeat and Zimperium; featured image from Android Authority.