Follow Us on WhatsApp | Telegram | Google News

Stagefright - Single Message to Hack Android Device

Table of Contents
Hack Android Device, Android hacking tool
Here is another critical and serious security vulnerability found on the popular Google mobile operating system "Android". The vulnerability resides  in the Stagefright media playback engine that is native to Android devices, which puts 95% of Android devices running version 2.2 to 5.1 under threats.

Researcher of security firm Zimperium discovered the Stagefright vulnerability and mentioned that it is the worst Android flaw in the mobile OS history, and confirmed that they will reveal more details at the next BlackHat or DEFCON in Las Vegas this year.

Researcher Joshua Drake, vice president of platform research and exploitation at Zimperium zLabs, said exploits could be particularly insidious given the fact that an attacker need only use a malicious MMS message that could trigger the vulnerability without user interaction, and delete the message
before the victim is aware. This is most nasty attack vector - said researcher.

Heartbleed for Android Mobile World
As  the vulnerability effects the devices running Android versions 2.2 to 5.1 of the Google OS, this means that vulnerability effects almost every Android users, almost 950 million Android users

Joshua Drake from Zimperium discovered seven critical vulnerabilities in the native media playback engine called Stagefright, the expert defined the Stagefright flaw the “Mother of all Android Vulnerabilities.”

How it Exploit ?
Exploitation of the vulnerability is very much easy, as attackers only needs victims phone number,— Sounds amusing na ...!!! — but that true. To exploit the vulnerability attackers only need to send a single multimedia text message to unpatched Android device (Victims device).

Once the attackers have successfully exploited the vulnerability, they would be able to write code to the mobile device and steal user data, including audio or media files or photographs stored in the SD cards. The attackers can remotely control the device, accessing audio from microphone, reading emails, and exfiltrating sensitive data.

Google has patched internal code branches (vulnerability), but devices require over-the-air updates. However, most manufacturers haven’t already distributed the patch to their customers exposing them to cyber attack.
Read Also
Post a Comment