Sunday 2 August 2015

Android devices security problems: At risk of hacks through text messages

It used to be that a text message is a way to communicate with people, but now it appears that it can carry malicious files that can hack somebody's phone.
A mobile security team has uncovered a major flaw in Android phones, putting 95% of users and millions and millions of gadgets at risk of hack attacks.
The bug, called "Stagefright" from Android's media library, is dubbed as the popular mobile operating system's (OS) worst security flaw discovered ever, Fortune reported.
The bug, which affects Android phones running on version 2.2 and onwards, was announced last July 21 by Zimperium, a mobile security company, during the annual BlackHat conference.
The malicious program that would attack Android is embedded in a short video, which will be sent to a person through a text message, according to a report from NPR.
As soon as the receiver gets the infected text, Stagefright features prepare the video for viewing.
But apparently, as the program processes the video, that would be the time that hackers take the opportunity to take control over the phone, hijacking it and stealing data.
The worst part is that the user won't even know that a hack attack has already happened.
According to Zimperium Vice President of Research and Exploitation Joshua Drake, the attacker can even delete the infected message before the victim notices.
"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited," Drake stated in the company's blog post.
In a blog post from Twilio, there were tips that can lessen the risk of being vulnerable and these commonly point to disabling the automatic download of files sent through Multimedia Messaging Service (MMS).
However, doing the abovementioned step will only "partially" solve the problem. Android devices remain vulnerable to attacks as long as the bug exists. The complete solution will only come from a patch intended for the device.
According to CNET, Zimperium told National Public Radio that hackers have not taken advantage of the Android flaw so far.
Nevertheless, disabling the auto-download or auto-retrieve features should help in the meantime.

No comments:

Post a Comment