Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Stagefright and the Scary Reality for Your Phone
#1
Exclamation 
Ahead of a key cybersecurity conference next week, a newly discovered weakness in Google phones poses a bad omen.

Hackers can target Android phones through a
weakness in the operating system, experts say.

By Tom Risen
July 28, 2015 | 3:06 p.m. EDT

As experts ready for next week's Black Hat
cybersecurity conference, the talk of the town is who could get Stagefright.

According to research by Joshua Drake, an
Android expert with Zimperium Mobile Security,
a gap in Google’s smartphone operating system can allow hackers to target its Stagefright media library.

Intruders can gain control of an Android phone’s camera or microphone simply by sending a multimedia message containing malicious code to exploit the weakness in Stagefright's code.

Related Story
Can Hackers Really Target Your Smart Car?


Nearly all Android devices – approximately 950 million – are vulnerable to such an attack,
researchers said. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep,” a Zimperium blog post explaining the problem said.

“Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

Nobody has been affected by the flaw and
Google has pushed updates to secure the vulnerability, a Google spokesperson tells U.S. News.

Unfortunately, publishing new security updates is just one step companies need to take to protect their customers, says Ben Johnson, chief security strategist for the cybersecurity firm Bit9 + Carbon Black.

Once Google has fixes for the software, it needs to coordinate with companies like Sprint or T-Mobile, which sometimes make customer versions of Android phones, to make them available. It also must extend that
coordination to international device makers and customers, and users must agree to update their software, Johnson explains.

“There are multiple stages where the update
could be delayed,” he warns about the response to the security gap.

Johnson will be among the researchers
attending Black Hat next week in Las Vegas,
where improving responses to security flaws will be a major focus for cybersecurity experts as they showcase their software and learn more about newly discovered problems in devices.

Many at the conference want more companies
to open their device software to broader scrutiny from researchers before it is sold to consumers, Johnson says.

Doing so could help prevent problems like the Stagefright vulnerability, which shows the risks of interconnecting too many parts of a device.

Security researchers Charlie Miller and Chris
Valasek recently exposed a similar flaw in
numerous vehicles built by Fiat Chrysler Automobiles, which enabled them to control the brakes and other features of a Jeep by
accessing its Uconnect entertainment system.

They are expected to provide more details
about their hack during the Black Hat
conference. Johnson says message-based attacks on Android phones are unlikely to become common in the near future, as hackers instead will likely continue traditional attacks like spear phishing emails that trick users into uploading malware onto a computer through links in phony messages.

The Stagefright vulnerability is a sign of things
to come, however, as the growing Internet of
Things ecosystem offers a range of options for hackers to invade user privacy.

“More and more people are going to be trying to show off things like, ‘I hacked your fridge since it now has an IP address,’” Johnson says of the risks facing Wi-Fi connected devices.
Semper Fidelis

[Image: SyAa0qj.png]

USMC
Nemo me impune lacessit
Reply


Messages In This Thread
Stagefright and the Scary Reality for Your Phone - by IceWizard - 08-01-2015, 11:00 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)