95% of mobile users are under threat of Stagefright

In a grim reminder of the risks of mobile technology at a time when more and more e-banking and e-commerce activity is moving onto apps, the “Stagefright” vulnerability is expected to expose all Android users, including those on Lollipop 5.1.1, to the risk of being hacked.

Stagefright is a multimedia library for the Android OS and has been present in all versions of Android since Froyo 2.2. The security risk stems mainly from insecure code in Stagefright.

The vulnerability therefore encompasses 95 percent of the Android smartphones and tablets (nearly 1 billion devices) in use at present. It has been dubbed the worst vulnerability in the history of the Android mobile operating system, which was developed by Google.

Through the Stagefright exploit, hackers can remotely take control of an Android device and access photos, cameras, private data and more. On devices running Android versions older than Jelly Bean, hackers can gain control of the device even if the MMS is not opened by the user. Moreover, on such devices, hackers will even be able to delete the problematic MMS without the consent of the user.

The Stagefright exploit is carried out by sending a malicious MMS to an Android device. The Android OS does not detect the message as a security issue; it recognizes it only as a video file.

Users of Google Hangouts are also vulnerable, since the app may process videos in advance for quicker viewing; merely receiving the message in Google Hangouts may therefore be enough to make a user vulnerable.

It appears that the solution is not very complicated. To prevent such an attack, users are only required to disable the automatic retrieval feature for MMS. One can go to “Messaging”, click on “Settings” and remove the check on “Auto Retrieve”.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law education institution. He is now focusing on projects such as Secure Digital India and Cyber Insurance.