Friday, August 14, 2015

Is your Android vulnerable to Stagefright? Find out with ESET – We Live Security (blog)

A week before the Black Hat and DEF CON conferences, researcher Joshua Drake published his findings on a vulnerability at the heart of Android that could allow attackers to steal information from a device through remotely executed code, just by sending a specially crafted multimedia message (MMS). According to Zimperium zLabs, almost 950 million devices could be vulnerable.

Since it has been described as one of the greatest vulnerabilities in history, we decided to prepare a brief FAQ guide to help you understand the vulnerability and find out whether your Android device is affected.

Is it really the worst vulnerability for Android?

It’s hard to label a vulnerability as “the worst”, because the criteria for such a judgment vary considerably: the number of affected devices, the ease of carrying out the attack, the number of exploits seen in the wild, and so on. In any case, with 950 million Android users potentially affected, and after a failed first attempt by Google to fix it, we should take it more seriously than many other vulnerabilities.

How does this vulnerability work, and why is it called Stagefright?

Among the thousands of lines of Android source code there is a multimedia library called Stagefright, which handles media formats and lets music and videos play on your Android device. An attacker could exploit this vulnerability by building an MMS containing an exploit and sending it to the victim. This could be a targeted attack based solely on the victim's phone number, which is the only information needed to send the malicious MMS. What happens next depends on the application used to view the MMS: with the regular Messenger app, the exploit could be executed only once the MMS is viewed, without the media file even being played. If Hangouts is used it could be worse, because the device would be compromised almost automatically, even before you see the notification.

What versions are vulnerable?

According to the research, all Android versions from Froyo (2.2) onward are vulnerable, which means 95% of devices, or almost 950 million users worldwide. In addition, versions prior to Jelly Bean are most at risk, since they do not incorporate appropriate mitigations against exploits.
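
As an added example (not from the original post or ESET), here is a small Python triage script that applies the version ranges stated above to `adb shell getprop` output: the sample output lines are constructed, and the result says nothing about whether a vendor patch is installed, only which risk tier the release falls into.

```python
import re

# Thresholds stated in the post: Froyo (2.2) is the first vulnerable release,
# and from Jelly Bean (4.1) on, exploit mitigations make attacks harder.
FIRST_VULNERABLE = (2, 2)
MITIGATED_FROM = (4, 1)

# Constructed sample of 'adb shell getprop' output for a few devices.
SAMPLE_FLEET = [
    ("emulator-5554", ["[ro.build.version.release]: [5.1.1]",
                       "[ro.product.model]: [Nexus 6]"]),
    ("device-a", ["[ro.build.version.release]: [4.0.4]"]),
    ("device-b", ["[ro.build.version.release]: [2.1]"]),
    ("device-c", ["[ro.product.model]: [unknown model]"]),  # no release line
]


def parse_release(release):
    """Turn a release string such as '4.4.4' into a comparable tuple.
    Trailing letters (e.g. '4.4W') are ignored; None if no number is present."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", release or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def classify(release):
    """Map a release string to a risk tier using the post's version ranges."""
    ver = parse_release(release)
    if ver is None:
        return "unknown"
    if ver < FIRST_VULNERABLE:
        return "not-in-scope"          # pre-Froyo: outside the published findings
    if ver < MITIGATED_FROM:
        return "vulnerable-high-risk"  # Froyo..ICS: no appropriate exploit mitigations
    return "vulnerable-mitigated"      # Jelly Bean and later: still vulnerable, but harder


def triage(fleet):
    """fleet is a list of (device_id, getprop_lines); returns {device_id: tier}.
    A device without a ro.build.version.release line is reported as 'unknown'."""
    result = {}
    for device_id, lines in fleet:
        release = None
        for line in lines:
            m = re.match(r"\[ro\.build\.version\.release\]:\s*\[(.*)\]", line)
            if m:
                release = m.group(1)
        result[device_id] = classify(release)
    return result
```

Even a device reported as "vulnerable-mitigated" should still be checked with the detection app or the manufacturer, since the patch status is not visible in the release number.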

Note also that Stagefright actually consists of seven different vulnerabilities (and more were reported after the first attempt to patch it). Google released a first patch, but researchers at Exodus found a bug in the update. This week, Google released another patch to mitigate these vulnerabilities.

The problem is who will receive these updates. Users of devices such as the Google Nexus 6 can be confident that the patch will reach them. The issue lies with third parties, who may roll out the update only to their latest devices, leaving the large majority without it, because neither manufacturers nor carriers bother to push updates to devices they consider obsolete.

Is your Android vulnerable?

To make it easier to detect whether your Android device is vulnerable, we have launched an application that can be downloaded directly from Google Play.
You can also check with your manufacturer whether the patch for your Android device has been released. In any case, as we saw last week, even the update may contain an additional bug. Therefore, we recommend that you not only check whether the device is vulnerable, but also stay alert to any new information that may arise on this subject.

In addition, we recommend turning off auto-retrieve in both Messenger (under Advanced Settings) and Hangouts (Settings / SMS / Auto-retrieve).

Image credit: © Kham Tram / flickr

Author: Raphael Labaca Castro, ESET
