A major flaw in Android has been discovered by researcher Joshua Drake. The flaw affects nearly all Android users and is quite serious. An attacker can take over the OS using a simple MMS. All the attacker needs to know is the target's phone number.
The hack was developed by Joshua Drake, vice president of platform research and exploitation at mobile security firm Zimperium. The hack relies on an Android component called Stagefright. The scary thing is a user doesn't need to execute code of the attack to take place. The code simply needs to be copied onto the system.
The library is not used just for media playback, but also to automatically generate thumbnails or to extract metadata from video and audio files such as length, height, width, frame rate, channels and other similar information.
This means that users don’t necessarily have to execute malicious multimedia files in order for the vulnerabilities found by Drake to be exploited. The mere copying of such files on the file system is enough.
The hack was developed by Joshua Drake, vice president of platform research and exploitation at mobile security firm Zimperium. The hack relies on an Android component called Stagefright. The scary thing is a user doesn't need to execute code of the attack to take place. The code simply needs to be copied onto the system.
This means that users don’t necessarily have to execute malicious multimedia files in order for the vulnerabilities found by Drake to be exploited. The mere copying of such files on the file system is enough.
This attack affects Android versions higher than 2.2. Most Android users are vulnerable to the attack today, and we all know how long Android updates take to come out. Drake did share his findings with Mozilla and security firm Silent Circle. Silent Circle patched their PrivatOS in version 1.1.7, but the rest of the Android world is still vulnerable. Let's hope the phone manufacturers take this serious and issue patches promptly.
[ Photo Credit ]