A new vulnerability may found in android phone in which hacker can enter into any android phone using just a simple message send to any user's android phone - It is just like same as we all saw in movies hacking trick. But, yes this new vulnerability found in the android phones as researcher reports and this is biggest vulnerability in the android device.
- Researchers at Zimperium Mobile Labs, where it was discovered by VP of Platform Research and Exploitation Joshua Drake, claim that up to “95% of Android devices” are vulnerable.
- To initiate the attack, the hacker sends a maliciously modified video message. The message is able to circumvent Android’s sandboxing security measures and execute remote code — at which point they’d have near-full access to your device, its storage, its camera and microphone, etc.
- The hack is being referred to as “Stagefright.” “Stagefright” is also the media library that Android uses to process video, and is the bit of code being exploited here.
- In many cases, the device will start processing the message without the user opening the message manually. Just receiving the message is enough to get the ball rolling.
- Worse yet, an attacker could theoretically delete the message themselves as soon as they’ve executed the attack, leaving behind no trace but a notification that most would quickly swipe away with no idea that their device is now under an attacker’s control.
- The bug is said to have been introduced in Android v2.2 (Froyo), but Zimperium has successfully tested it on builds as recent as the latest release, Android 5.1.1 (Lollipop). Devices running a build older than Jelly Bean (4.1) are said to be most vulnerable.
As reported by the Google's Spokesperson,
“We thank Joshua Drake for his contributions. The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.
Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.”
But the GOOD NEWS is that google has already fixed this vulnerability as this is patched by the OTA update.
And the other news is that it also depends on the manufacturers of the mobile phones that they will include the patch in the software update or not.
No comments:
Post a Comment