Friday, 7 August 2015

I can hack you with just knowing your number - Android Stage Fright Vulnerability



There it is,

In July 2015, security company Zimperium announced that it had discovered a "unicorn" of a vulnerability inside the Android operating system. More details were publicly disclosed at the BlackHat conference in early August — but not before headlines declaring that nearly a billion Android devices could potentially be taken over without their users even knowing it.

So what is "Stagefright"? And do you need to worry about it?

We're continuously updating this post as more information is released. Here's what we know, and what you need to know.

What is Stagefright?

"Stagefright" is the nickname given to a potential exploit that lives fairly deep inside the Android operating system itself. The gist is that a video sent via MMS (text message) could be theoretically used as an avenue of attack through the libStageFright mechanism (thus the "Stagefright" name), which helps Android process video files. Many text messaging apps — Google's Hangouts app was specifically mentioned — automatically process that video so it's ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it.

Because libStageFright dates back to Android 2.2, hundreds of millions of phones contain this flawed library.

Who found this exploit?

The exploit was announced July 21 by mobile security firm Zimperium as part of an announcement for its annual party at the BlackHat conference. Yes, you read that right. This "Mother of all Android Vulnerabilities," as Zimperium puts it, was announced July 21 (a week before anyone decided to care, apparently), and just a few words before the even bigger bombshell of "On the evening of August 6th, Zimperium will rock the Vegas party scene!" And you know it's going to be a rager because it's "our annual Vegas party for our favorite ninjas," complete with a rockin' hashtag and everything.

How widespread is this exploit?

Again, the number of devices with the flaw in the libStageFright library itself is pretty huge, because it's in the OS itself. But as noted by Google a number of times, there are other methods in place that should protect your device. Think of it as security in layers.

So should I worry about Stagefright or not?

The good news is that the researcher who discovered this flaw in Stagefright "does not believe that hackers out in the wild are exploiting it." So it's a very bad thing that apparently nobody's actually using against anyone, at least according to this one person. And, again, Google says if you're using Android 4.0 or above, you're probably going to be OK.

That doesn't mean it's not a bad potential exploit. It is. And it further highlights the difficulties of getting updates pushed out through the manufacturer and carrier ecosystem. On the other hand, it's a potential avenue for exploit that apparently has been around since Android 2.2 — or basically the past five years. That either makes you a ticking time bomb, or a benign cyst, depending on your point of view.

Stagefright detector apps
Go to the Play Store and search for Lookout Mobile Security.

Sorry guys, I am in a hurry-burry. There will be a lot of typos, and the overall post design may be bad.

I always want my precious users to be secure.

Please go and check for an update as soon as possible, before someone gets into your phone.

My temporary fix suggestion is: "DISABLE AUTO DOWNLOADING MMS CONTENT IN YOUR STOCK SMS APP".

Hurry up, before I hack you. :)
