Virtually all mobile devices with Android operating system are vulnerable to attack by hackers with malicious code from a multimedia text message could also send malicious Web sites warned Monday signature research in computer security.
The vulnerability affects no less than 950 million devices (smartphones and tablets) with Android, and according to Joshua Drake, vice president of security research company Zimperium, the Stagefright fault lies, a feature that automatically downloads video files attached to texts to prevent recipients have to wait to see. That is, a function of preview.
The worst is the use of a modified multimedia message (MMS). All that the attacker would need is the phone number with vulnerable Android. From there, the message would trigger the malicious code in the device without the user having to do anything, and without showing any sign that something is wrong. That is, the code does not even need the victim “OK” to gatillarse and could even do it while the owner of the device is sleeping.
“A fully successful attack You could even delete the message before the user sees it. Just look notification. These vulnerabilities are extremely dangerous because they do not require the victim to take any action to be taken advantage of. Unlike phishing, where the victim has to open a PDF file or a link sent by the attacker, this vulnerability can be activated during sleep. Before he wakes up, the attacker would eliminate any sign that the device is in danger and the user would have without knowing it a phone with a Trojan on your system operating “says Zimperium on its website.
The flaw can also be exploited using other techniques, including links to malicious sites. Drake outline six or more other techniques that hackers could use in August at the annual meeting Black Hat security, held in Las Vegas, where he will speak justly entitled “Stagefright: code fear in the heart of Android”.
According to him, all versions of Android 2.2 later and included the potentially vulnerable and dependent on each manufacturer to fix the bug. So far, very few have been solved, and is estimated to be 95 percent of Android devices are now susceptible to attack. The most vulnerable of all are those that run versions prior to Android 4.3 (Jelly Bean).
Zimperium revealed that reported privately to Google (responsible for Android) on this subject, and the company welcomed the report in addition to sending the patch to their associated manufacturers. But according to estimates of the security firm could be years before the patches are distributed to certain models, and many of those do not even receive.
No comments:
Post a Comment