SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
2 Oct 2015

Every Android device is vulnerable to newly discovered bugs

Two major vulnerabilities have been discovered in Google's Android mobile software by the same security company that found a whole series of dangerous bugs earlier this year.

Several of the bugs discovered by the security researchers pose a danger to every active Android device out there.

The two new bugs, which can expose people with Android-powered smartphones and tablets to attacks by malicious hackers, are the latest in a "library" of vulnerabilities that have come to be known as Stagefright. Zimperium zLabs initially discovered this class of vulnerabilities in April, but has now found the problem is broader than originally thought. More than a billion Android smartphones and tablets are at risk of being compromised by the new bugs if their owners even just preview video or audio files that have been specially crafted to exploit the vulnerability, zLabs said. The first of the bugs has the potential to impact almost every Android device going back to version 1.0 of the software, which was released in 2008. The second bug can be used to target all devices running later versions of Google's software, Android 5.0 and up. Google next week plans to release Android 6.0, aka Marshmallow.

Security holes are a serious problem. Depending on the severity, they can let attackers run programs of their own choosing on a computing device, gain access to sensitive documents, monitor network traffic, listen to keyboard activity, turn on a webcam or turn a computing device into a tool that launches attacks on other devices.

Google, based in Mountain View, California, tries to set a good Android example with prompt security updates to its Nexus family of devices, including the just-announced Nexus 6P and Nexus 5X that will come with Marshmallow. But compared to Apple's competing iOS operating system, which powers its iPhones and iPads, the Android market is more vulnerable to security holes.

That's because the vast majority of Android phones get software updates slowly, if ever. That's the case even with mainstream Android phone makers such as Samsung, Huawei, Sony and LG, each of which is responsible for software updates. However, some Android security problems are ameliorated by the fact that some Android components ship in a package called Google Play Services that Google itself updates. Google told it will issue a patch to Nexus users on October 5.

These particular Stagefright flaws would require hackers to trick Android users into opening a dodgy video or audio file within a website or third-party multimedia player. "The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue," zLabs said in its blog post. zLabs informed Google of the latest Stagefright flaws on August 15 and has praised the company for responding promptly to the threat. A patch to fix the vulnerability will be released next week in an over-the-air update. Google pushes out these security updates to its flagship Nexus devices once a month.

Google said it shared details of the patch with Android device makers on September 10 in the hope that it can be pushed out to all Android users as soon as possible. Google did not immediately respond to a request for comment. The new Stagefright bugs likely aren't the last. In September, zLabs researcher Joshua Drake tweeted that he's reported 10 Stagefright vulnerabilities to Google.

Tags:
Android Stagefright information leaks
Source:
CNews
2087
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015