Monday, 27 July 2015

Millions Of Android Phones Vulnerable By New Leak

Researchers have discovered a serious vulnerability in Android which makes it possible to gain access to devices simply by sending an MMS message. Then an attacker can steal information, read emails, activate the microphone and perform other tasks. The vulnerability is in Stage Fright, a media library that handles various popular media formats.

Security Zimperium discovered vulnerability in the Android part, that the self worst Android leak calls so far. An attacker only needs namely to send an MMS message to execute code on the device. It is thereby even possible to remove the message before the user gets to see it. Only the acknowledgement is all that is visible. The researchers warn that the vulnerability is very serious, because there is no interaction from the victim is required.

Estimates suggest that 950 million Android devices running risk. The problem is particularly acute among Android versions Jelly Bean, which is about 11% of all Android devices. Zimperium warned Google that has already rolled out patches for Android. In many cases, telecoms providers and manufacturers are, however, responsible for distributing updates to their users and the security company also fears that it may take a long time before everyone is protected.

Two manufacturers, however, are a positive exception. Meanwhile the Black Phone Silent Circle is patched and Mozilla Firefox is protected from the issue. At the upcoming Black Hat conference in Las Vegas will have more details about the vulnerability are announced.

1 comment: