News & Updates

1 Billion Android devices at risk of remote hacking

Avoid Stagefright Vulnerability in Android
Written by Michael Katz

Over 1 billion of Android devices have become the target of newly discovered remote hacking. The causes behind all these mishaps are the flaws that are well located in the media related components and get triggered through the malicious websites.

The way Android platform processes the media files attract the most vulnerable conditions and allow attackers to force the users into visiting the malicious Web pages. The flaws are the method Android uses to process the metadata of MP3 audio and MP4 video files, and they get exploited once the whole Android system or any other app relying on its media libraries preview these files.

According to researchers by Zimpeium, the mobile security firm, earlier this year, similar multimedia flaws were encountered in an Android library known as Stagefright. This library could be simply exploited by sending a malicious MMS message on the Android devices. The researchers from Zimperium said in a report that these vulnerabilities can cause the execution of a remote code on all the devices starting from the version 1.0 to the latest 5.1.1.

Adrian Ludwig, Android’s lead security engineer, said that a coordinated patching effort from manufacturers of the device is triggered by these flaws. Adrian called it:

Single largest unified software update in the world.

Zimperium discovered a new flaw which is found in the core Android library called “libutils” which affects all the Android versions below 5.0 (Lollipop). Android Lollipopp (5.0- 5.1.1) can also be exploited by combining this newly found flaw with a bug found in Stagefright library. This new attack is termed as Stagefright 2.0 by the Zimperium researchers and is believed to affect over one billion devices.

After the enormous Stagefright flaws, all the messaging apps and latest versions of Google Hangout suppressed the attack vector of MMS. Zimperium researchers said that now the latest method of exploiting the vulnerabilities is through Web browsers. It’s been seen that attackers exploit the flaws by tricking users into visiting malicious websites through email links, instant messages and advertisements displayed on the sites. Attackers can easily inject the exploit into our unencrypted web traffic by simply intercepting users’ internet connection either through routers or on an open wireless network.

The researchers said a third party media player can also act as an attack vector by depending on the vulnerable Android media library for collecting metadata from MP4 and MP3 files.

The flaws were reported to Google on August 15 of this year and a fix is expected to come on October 5 of this year in the form of a monthly Android security update. The vulnerabilities are tracked by Google as CVE-2015-6602 and CVE-2015-3876.

Once the patches become available to the researchers from Zimperium, a free Stagefright Detector app will be updated for flaw detection.

About the author

Michael Katz

Michael Katz is a technology and security writer who grew up around technology. From a very early age, he has been in love with computers and follows many of the companies that produce them, hoping to learn more about what makes them tick. When not writing about technology and internet security, he can be found on the pitch with his friends playing a friendly game of football.

39 Comments

  • Thanks for ones marvelous posting! I quite enjoyed reading
    it, you’re a great author.I will ensure that I bookmark your blog
    and will often come back later in life. I want to encourage you continue
    your great work, have a nice evening!

  • Oh my goodness! Amazing article dude! Thank you,
    However I am going through problems with your RSS.
    I don’t know the reason why I am unable to join it. Is there anybody else getting similar RSS issues?
    Anyone that knows the solution can you kindly respond?
    Thanx!!

  • I have been exploring for a little for any high quality articles or blog
    posts in this sort of space . Exploring in Yahoo I ultimately stumbled upon this website.
    Studying this information So i am glad to exhibit that I’ve a
    very excellent uncanny feeling I discovered exactly what I needed.
    I such a lot without a doubt will make certain to don?t forget
    this web site and give it a look on a relentless basis.

  • Thanks , I have just been searching for information approximately this topic for ages and yours is the greatest I’ve came upon till now.
    However, what about the conclusion? Are you certain in regards to the source?

  • I delight in, lead to I discovered just what I was having
    a look for. You’ve ended my 4 day lengthy hunt! God Bless you man. Have a great day.

    Bye

  • I really like your blog.. very nice colors & theme.
    Did you make this website yourself or did you hire someone to do it for you?

    Plz respond as I’m looking to design my own blog and would like to know where u got this from.
    cheers

  • Wonderful blog you have here but I was wondering if you knew of any discussion boards that cover the same
    topics talked about here? I’d really like to be a part of
    community where I can get feedback from other experienced
    people that share the same interest. If you have any suggestions, please let me know.
    Kudos!

  • Hi there I am so happy I found your blog page, I really found you by mistake, while I was browsing on Google for
    something else, Regardless I am here now and would just like to
    say thanks a lot for a remarkable post and a all round
    entertaining blog (I also love the theme/design),
    I don’t have time to read it all at the minute but I have bookmarked it and also added
    your RSS feeds, so when I have time I will be back to read more, Please do keep up the fantastic
    job.

  • I’m really loving the theme/design of your blog.
    Do you ever run into any web browser compatibility problems?
    A few of my blog readers have complained about
    my site not working correctly in Explorer but looks great
    in Safari. Do you have any tips to help fix this problem?

  • Greetings! I know this is kind of off topic but I was wondering if you knew
    where I could get a captcha plugin for my comment form?
    I’m using the same blog platform as yours and I’m having trouble finding one?
    Thanks a lot!

  • Pretty great post. I just stumbled upon your weblog and wished to say that I have really enjoyed browsing your blog posts.
    After all I’ll be subscribing in your rss feed and I’m hoping you write once more very soon!

  • I know this if off topic but I’m looking into starting my own blog
    and was wondering what all is needed to get set up? I’m assuming having a blog like yours would
    cost a pretty penny? I’m not very web savvy so I’m
    not 100% positive. Any suggestions or advice would be greatly appreciated.
    Cheers

  • Needed to compose you that bit of observation so as
    to thank you the moment again over the wonderful tactics you have discussed on this site.
    It has been so wonderfully generous of people like
    you to grant unhampered exactly what a number of us would have supplied as
    an ebook to make some money for themselves, and in particular
    now that you might have done it in the event you decided.
    Those good ideas likewise acted to become great way to
    fully grasp that someone else have similar passion similar to my personal own to
    find out more in respect of this condition.
    I believe there are thousands of more pleasant moments ahead for individuals that read carefully your blog.

  • obviously like your web-site however you need to check the spelling on several of your posts.

    Many of them are rife with spelling problems and
    I find it very bothersome to inform the reality nevertheless
    I will certainly come again again.

  • Attractive component to content. I just stumbled upon your weblog and in accession capital to assert that I acquire actually enjoyed account your blog posts.
    Any way I will be subscribing on your augment or even I success you
    get entry to consistently fast.

  • I am curious to find out what blog platform you happen to
    be using? I’m having some small security issues with my latest website and I would like
    to find something more safeguarded. Do you have any suggestions?

  • Spot on with this write-up, I absolutely believe that this
    site needs a great deal more attention. I’ll probably be returning to see more, thanks for the
    information!

  • I blog quite often and I really appreciate your
    content. This great article has really peaked
    my interest. I’m going to book mark your blog and keep checking for new details about once a week.
    I subscribed to your Feed too.

  • Hey! This is my first visit to your blog! We are a collection of volunteers
    and starting a new initiative in a community in the same niche.
    Your blog provided us beneficial information to work on. You have done a marvellous job!

  • Excellent blog here! Also your website loads up very fast!

    What web host are you using? Can I get your affiliate link
    to your host? I wish my website loaded up as fast as yours lol

  • We absolutely love your blog and find a lot of your post’s to be just what I’m looking for.

    can you offer guest writers to write content available for you?
    I wouldn’t mind publishing a post or elaborating on some of the
    subjects you write concerning here. Again, awesome web log!

  • I know this if off topic but I’m looking into starting
    my own weblog and was wondering what all is required to get set up?

    I’m assuming having a blog like yours would cost a pretty penny?
    I’m not very internet savvy so I’m not 100% sure.
    Any recommendations or advice would be greatly appreciated.

    Many thanks

  • Excellent goods from you, man. I’ve understand your stuff previous to
    and you’re just too magnificent. I really like what
    you have acquired here, really like what you’re stating
    and the way in which you say it. You make
    it enjoyable and you still take care of to keep it sensible.
    I can not wait to read far more from you. This is really a wonderful site.

Leave a Comment