Is Your Android Device At Risk Of ‘Stagefright?’ 950 Million Devices Exposed By New Security Vulnerability
Discovered by Joshua Drake at Zimperium zLabs, vulnerabilities uncovered in the Stagefright Android-native media player allow attackers with access to an exposed Android phone’s number to gain control of the device using methods that do not require any user action. Attackers can trigger the playback of audio-visual content by sending vulnerable devices MMS messages or can simply kick off a Google Hangout to gain access to an Android device. Once they have launched an exploit taking advantage of the Stagefright vulnerabilities, malefactors can initiate remote code execution (RCE) to run malware, extract data, and take over the device for a range of purposes, all without detection by users, operators, and by most Mobile Device Management (MDM) software used by companies to govern employee access to corporate networks.
The Zimperium team elaborated on the covert nature of this threat, stating,
Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.
Read More (originally published in Open Source Delivers on 07/28/2015)