Watch Out For The New Android Hack

Researchers at Zimperium zLabs have uncovered a series of vulnerabilities affecting Android operating systems that could affect millions. By simply sending a text message with an infected attachment, a hacker may be able to trigger a remote code execution vulnerability that would allow access to the targeted device.

Reported earlier in April, Joshua Drake, a member of the zLabs research team, discovered what is being called “Stagefright”. Named after the media playback tool in Android, Drake noted that all an attacker would need are mobile phone numbers. From there, an infected Stagefright multimedia message could be texted to unsuspecting devices which would allow the attackers to write code to the device and steal data, including audio, video and photos stored in SD cards.

The vulnerability is said to affect an estimated 950 million phones worldwide. The Android vulnerability affects any phone using Android software made in the last five years, according to Zimperium.

Because of how some applications process incoming text messages, a device could be infected by the remote code execution malware without even knowing that a message had been received. Drake reported that apps such as Google Hangouts would “trigger immediately before you even look at your phone… before you even get the notification”. It would be possible to delete the message before the user had been alerted too, making attacks completely silent, he added.

Google was alerted by zLabs of the discovery and has confirmed that patches were issued and distributed, however it is not clear what devices are still vulnerable. Drake noted that Android operating systems 2.2 and later were all found to be vulnerable. Distribution of patches for these types of vulnerabilities is difficult due to how many different entities are involved and the coordination that is needed.

Unlike the patching of the Apple text hack, where only Apple devices were affected, the Android patches must be made available to multiple manufactures, as well as carriers. As of the time that the initial report was made to Google, roughly 109 days ago, no patches have been released to address the Stagefright vulnerability.

Zimperium, claiming to have the “biggest splash at Black Hat and DEFCON” for 2015, will be showcasing Drake’s findings at the security conference in August.

Although it is unknown if this vulnerability has been exploited in the wild, you can be certain that once the details of the vulnerability are disclosed in full, there will be nothing to keep hackers from attempting to exploit the issue. If indeed there are patches available for this finding, manufacturers and carriers alike have less than two weeks to distribute them.

 

Gabe Morales is the Senior Security Manager for Accume Partners and has over 15 years experience in IT Security.

More from Dre Dynasty

Get Lucky for Lupus LA Celebrity Poker Tournament and Party with Michael B. Jordan

Lupus LA showcased its Annual Get Lucky for Lupus LA Celebrity Poker Tournament and Party last...
Read More

14 Comments

  • Derma Veil ® 被喻為新世代逆齡完美輪廓塑造,最新一代的PLLA膠原。 2003年獲得Mexican Ministry of Health (SSA)認證及美國FDA出口認證,並於2006年在拉丁美洲及遠東至東南亞地區廣泛使用,多個臨床實例見證能改善老化、遺傳、疾病(如脂肪萎縮)等引起的凹陷問題,其效果備受認同。蘊含兩大活性成分均具有生物兼容性及分解性,可逐步被人體自然分解吸收,有效塑造童顏肌 : 1. 聚左乳酸 (Poly-L-lactic acid / PLLA) : 促進骨膠原生長 2. 甘醇酸(Glycolic Acid ) 使皮膚表皮層黏膠性脂質鬆軟,改善皮膚厚度,加速細胞再生,減少皺紋及疤痕,加強保濕功能,增加光澤,美白效果。 由於甘醇酸分子較小,容易滲透皮膚 治療前: 皮膚的凹陷/皺紋 治療後: 成分被人體吸收、並刺激膠原增生,撫平皺紋及凹陷部位。 注入BOTOX(保妥適)會抑制突觸前膜釋放神經遞質,阻斷乙酰膽鹼(Acetylcholine)的釋放,從而使肌肉張力下降或癱瘓麻痺,皺紋也隨之而逐漸消失。

  • 「 生蛇 」( 醫學名稱是 『帶狀疱疹』Shingles ) 是由水痘病毒引起的疾病。水痘癒合後,病毒在神經細胞潛伏多年,日後隨時重新激活後導致的帶狀皮疹,就是「 生蛇 」。因此,凡感染過水痘的人,都有機會「 生蛇 」。病發時,身體某一部位會感到內疼或劇痛,通常是臉或背部及腰部的一側;這時由於病毒從脊髓處沿其中華一條神經擴散到身體以及去到連接的皮膚表面,形成紅疹及小水疱。帶狀疱疹疫苗Zostavax康栢苗 (蛇針)能助減低「 生蛇 」的機會,有效預防: 「 生蛇 」( 帶狀疱疹 ) 成效高達 70% 「 生蛇 」的後遺神經痛:即使紅疹痊癒,神經痛還可以持續數月或數年。年紀越大,持續有後遺 神經痛風險越高 「 生蛇 」引起的急性及長期痛症 不適用人士: 曾對疫苗成分包括明膠( Gelatin ) 及紐奧黴 ( Neomycin ) 有過敏性休克反應的人士 有原發及繼發性免疫系統問題的病患者,或正服用抑鬱免疫系統藥物(如高劑量膽固醇)的病人 患有肺結核,正發病及未經治療人士 孕婦

  • 嬰兒割雙眼皮廣告挨轟 恐違醫療法 可罰5萬~25萬元 @ 察爾斯大夫 美麗殿堂 Dr. Charles Meridien Palace :: 痞客邦 :: 嬰兒割雙眼皮廣告挨轟 恐違醫療法可罰5萬~25萬元 優活健康網 – 2014年1月26日 (優活健康網記者陳靜梅/綜合報導) 每個人都是上天的禮物,想整形讓自己更美,無可厚非、全是

  • 激光是單一波段的光能 , 在同一時間發射 , 光線能量較為集中 , 能深入皮膚打擊患處之異常色素或血管 , 溫和地刺激皮膚內的骨膠原更生, 新生的骨膠原令您的膚質光澤柔嫩 , 煥然一新 , 抗老效果顯著。有效治療色斑(雀斑 , 太陽斑 , 咖啡斑 , 太田痣 , 紋身) , 血管問題 (葡萄色斑 , 微絲血管擴張) , 膚色不均 , 皮膚鬆弛 , 毛孔粗大 治療後皮膚會出現短暫的紅腫 , 要注意防曬及遵照醫生指示護理皮膚

  • ORION是一部擁有三重長脈衝 755nm/1064nm/532nm的激光儀,提供專業和最新的技術,強調其穩定性和便利性的能力。另外,最佳的參數是基於各種臨床結果提供的。三長脈衝激光系統 -Long pulsed Nd:YAG (1064nm) -Long pulsed Alexandrite (755nm) -Long Pulsed KTP (532nm) 先進技術 – 氣冷卻系統(ACD) – 智能面板 – 三波長 – 高電源 應用 -Long pulsed Nd:YAG (1064nm)●脫毛●嫩膚●血管病變●腿部靜脈曲張●痤瘡●灰指甲●疣-Long pulsed Alexandrite (755nm)●脫毛●美白肌膚●色素性病變●黑頭●黃褐斑●疤-Long Pulsed KTP (532nm)●血管病變●酒渣鼻●色素性病變●太陽雀斑●美白肌膚●鮮紅斑痣●血管瘤

Leave a Reply

Your email address will not be published.