It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Vast Majority Of Android Devices Are Vulnerable To 'Stagefright' Exploit

page: 1
4

log in

join
share:

posted on Jul, 28 2015 @ 02:37 AM
link   


In a blog post published today by the researchers at Zimperium Mobile Security, the group divulged an extremely widespread security vulnerability that can be exploited with nothing more than a targeted MMS message. The hole exists in the part of the Android operating system called Stagefright, which handles the processing of certain types of multimedia.

Vast Majority Of Android Devices Are Vulnerable To 'Stagefright' Exploit That Can Be Executed Via Text Message, According To Researchers

This is very serious.


If targeted, the hypothetical hacker needs only to send an MMS message, which in many cases doesn't even need to be read before the attacker gains access to the victim's microphone and camera. The file will contain malicious code that executes by taking advantage of the problems in the Stagefright codebase. In the worst case, Zimperium says, the attacker could remove any trace of the offending MMS before the end user is every made aware that one is received.


It seems this just hit the wires within the last 24 hours and almost a billion devices running android from 2.2 up are vulnerable to this exploit. I've read that google has pushed out a fixed media.stagefright library fix to major phone vendors but pushing that to the phones may be difficult. I have a rooted phone and I'm going to try and flag some buildprop settings to false for that library and see if I end up with a bootloop.
edit on 28-7-2015 by mockingmay because: (no reason given)




posted on Jul, 28 2015 @ 02:43 AM
link   
Wired
Slashdot
Oneplusone
XDA
Hackernews
Forbes
edit on 28-7-2015 by mockingmay because: (no reason given)

edit on 28-7-2015 by mockingmay because: added another link



posted on Jul, 28 2015 @ 02:45 AM
link   
a reply to: mockingmay

Anyone who uses a cell phone is vulnerable to this type of exploit , Have you read the "access agreement " on that FB app or that Chrome browser ? now days everyone is unsafe .


My self personally , I keep anything of importance stored on an external HD , Or flash drive ....


edit on 06/17/2015 by Kapusta because: (no reason given)



posted on Jul, 28 2015 @ 02:48 AM
link   
a reply to: Kapusta

That reminds me.. I think Firefox is effected to. I forget which versions. Anyways Yes.. I store nothing on the cloud except my personal owncloud hosted on my server with encryption both in owncloud and locally. Overkill who cares, better safe than sorry.
edit on 28-7-2015 by mockingmay because: added a link



posted on Jul, 28 2015 @ 02:55 AM
link   
a reply to: mockingmay

I thought this was already posted.



posted on Jul, 28 2015 @ 02:59 AM
link   
a reply to: reldra

If it was I didn't see it. I did a quick search for "stagefright android" which is the exploitable library in android.
edit on 28-7-2015 by mockingmay because: typo



posted on Jul, 28 2015 @ 03:24 AM
link   
a reply to: mockingmay

I made have read it else where, but it is for both IOS and Android Source



posted on Jul, 28 2015 @ 03:34 AM
link   
Anyone who believes their devices are secure/private are fools.
Laptops, phones, watches, computers.. you name it.

If you have wifi, lan, bluetooth capability on it.. then your legs are open!

Anyone who thinks otherwise is insanely naive!



posted on Jul, 28 2015 @ 03:37 AM
link   
a reply to: reldra

I didn't know that. Thanks for the link. I did manage to disable it in build.prop on my rooted android. Not sure if that will solve it but tried it anyways.
edit on 28-7-2015 by mockingmay because: (no reason given)



posted on Jul, 28 2015 @ 04:44 AM
link   
I hate being that person that creates a thread and walks away but it's 4:42am here. I'll check back on the thread after some sleep.



posted on Jul, 28 2015 @ 09:01 AM
link   

originally posted by: Agit8dChop
Anyone who believes their devices are secure/private are fools.
Laptops, phones, watches, computers.. you name it.

If you have wifi, lan, bluetooth capability on it.. then your legs are open!

Anyone who thinks otherwise is insanely naive!


I have to agree 100%. It's not conspiracy either, I have worked in IT for over 10 years. The back doors are built into the manufacturer software and also come in the form of patches/firm ware updates. They were built in to give big brother access but a door is a door, you only need the knowledge of its existence and a tool or 2 to exploit it.

Those back doors have turned into a huge black market money machine, pumping wealth from the people without people really even realizing it. (till you get your credit report or apply for a loan)

If it connects to a network or a network capable device, it is not secure.



posted on Jul, 28 2015 @ 03:10 PM
link   
I have an HTC One M9, which is Android powered. This may be unrelated but, earlier today my phone automatically updated itself. I have it set so it doesn't update anything without my permission. But out of no where it shut down and updated. It took about a half hour from start to finish (without Wi-Fi), and I can't seem to find any changes to anything.



posted on Jul, 28 2015 @ 04:50 PM
link   
a reply to: MDpvc

Now that's strange. I haven't heard anything about forced updates. If I'm correct there is no way to disable direct OS updates on the android phone. ?!?! I wouldn't be surprised if they do force a fix. Its a small file that needs updated.

BTW, How do you know it updated? Are you using the stock OS?
edit on 28-7-2015 by mockingmay because: (no reason given)



new topics

top topics



 
4

log in

join