Android Remote Code Execution Vulnerability

This RCE bug was found to affect almost all versions of Android, from 2.2 to 5.1 Lollipop, which accounts for nearly 950 million Android smartphones and tablets. The vulnerability was found by Joshua Drake, vice president of platform research and exploitation at security firm Zimperium.

How does it work?

Hackers can access the vulnerable device without the owners being aware of it, just by sending an SMS! The vulnerability exists in a core Android component called "Stagefright," which is a multimedia playback library used by Android to process, record and play multimedia files.

A Simple Text Message Can Hack You!

To leverage this vulnerability, all the hacker needs is the phone number of the victim's Android device. The hacker then sends the malicious message, which will surreptitiously execute malicious code on the target device. No user action is required, and the user will have no clue of being hacked. According to the Zimperium blog, an attack can happen when you are asleep, and the attacker can remove any signs of the attack before you wake up. You'll continue your daily work with a trojaned phone as if nothing happened.

More ways to exploit the Stagefright vulnerability

According to the findings of Joshua Drake, this vulnerability can be exploited in several other ways, such as luring the victim to open a malicious site. More details, including six additional ways to leverage the vulnerability, will be presented by Drake at the upcoming Black Hat security conference in Las Vegas on August 5 and at DEF CON 23 on August 7, where he is scheduled to deliver a talk titled "Stagefright: Scary Code in the Heart of Android".

How to be safe from the Stagefright vulnerability?

Google has issued a patch and sent it to all device makers. They are supposed to deliver the fix through OTA updates. Hope that happens soon, before it's too late. However, in Silent Circle's Blackphone and Mozilla's Firefox OS, the issue has already been patched.
