Well..You Had to Ask..

Bye Android,I hate you..!


In the beginning there was phone and then it became smart,it could feel our gentle touch and it became human like -Android. For a time,it was all good. So many apps for anything like getting rid of mosquitoes,making your dog sleep and for apparently for everything not to mention the updates which gets sweeter every year,and above all.....

It is built on linux kernal they said..
It doesn't need antivirus they said..
It is more SECURE they said..
Gets fucked by StageFright Bug -They never said!   ;( 

And Somebody said Android is a big pile of code -I didn't gave a shit then.


BUT Now..

Once again the android security is under question,thanks to Stagefright Bug 2.0


Well,StageFright Bug is a found to affect almost all versions of android,right from the 2.2 to 5.1 Lollipop,which accounts for nearly one billion Android smartphones and tablets. This vulnerability was found by Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It was scarry as it could let hackers to hijack Android smartphones with just a simple text message !
The vulnerability exists in a core Android component called "Stagefright," which is a multimedia playback library used by Android to process, record and play multimedia files.

As If That Wasn't Enough - StageFright 2.0  !


This time it is even worse! According to the findings of Joshua Drake this vulnerability can be exploited in several other ways,not just hacking users through text message. This new flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4.

Here is how it works..


Elder to first stagefright bug,both the newly discovered vulnerabilities also reside in the Android Media Playback Engine and affects all Android OS version from 1 to latest release 5.1.1. That's Awesome!

And the happy news is that merely previewing a maliciously crafted song or video file would execute the Stagefright Bug 2.0 exploit, allowing hackers to run remote codes on the victim's Android device. (Imagine you send your enemy a Justin Beiber Song link and ..BOOM! )

No that isn't the worst Part: New Attack Vectors found.


Just like android apps and features,it's bugs also comes with choices and diversity. One can unleash hell in a droid by more than one ways,which are as below. 
  • · Webpage
  • · Man-in-the-middle attack
  • · Third-party media player
  • · Instant messaging apps
As per Zimperium Blog an attacker could attempt local privilege escalation to take complete control of the device once hacked which is pretty great. I remember a quote:

“Google takes no responsibility to update customer devices and refuses to take responsibility to update their devices, leaving end users and businesses increasingly exposed every day they use an Android device.” (Terry Myerson,Windows chief )

And The Solution?(Apart from Ditching Your Android Device..)


Security Update is expected on 5th October 2015,by google. Google has already shared vulnerability report and patches with OEM Partners on Sept. 10. So you might be receiving patches soon from your Android device manufacturer,if you are lucky. So you can test your patience before switching to windows phone or blackberry.  (Sorry iPhone I hate you more :P )

Post a Comment

 
Top