900 million android phones can be hjacked by malicious text messages
We Know that Almost All Android mobile devices available today are suspectible to hacks that can be execute malicious code when they are sented as an malformed text message or the user is lured to a malicious website, a security researcher reported.
About 900 to 950 millions Android phones and tablets are affected vulnerabilities, an android code library that processes several widely used media formats.
The malicious message will execute malicious code on the vulnerable device with no action required to the end user and no indication
A fully weapon ized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojan ed phone.
"Well vulnerability can be exploited using other attack techniques,targets to malicious websites"
Vulnerable devices running Android versions prior to 4.3 (Jelly Bean) are at the greatest risk, since earlier Android versions lack some of the more recent exploit mitigations
Android is designed with a security sandbox that prevents most apps from being able to access data used by other apps. That goes a long way to containing the damage Stage fright and similar code-execution exploits can do. In theory, for instance, it should prevent exploits from sniffing login credentials used by a properly designed banking app.
The attacker would have remote arbitrary code execution and thus escaping the sandbox is only a small step away," Drake said. He said existing root exploits, including those known PingPongRoot, Towelroot, and put_user, would likely help an attacker break free of the sandbox and gain much wider control over a vulnerable device
We Know that Almost All Android mobile devices available today are suspectible to hacks that can be execute malicious code when they are sented as an malformed text message or the user is lured to a malicious website, a security researcher reported.
About 900 to 950 millions Android phones and tablets are affected vulnerabilities, an android code library that processes several widely used media formats.
The malicious message will execute malicious code on the vulnerable device with no action required to the end user and no indication
A fully weapon ized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojan ed phone.
"Well vulnerability can be exploited using other attack techniques,targets to malicious websites"
Vulnerable devices running Android versions prior to 4.3 (Jelly Bean) are at the greatest risk, since earlier Android versions lack some of the more recent exploit mitigations
Android is designed with a security sandbox that prevents most apps from being able to access data used by other apps. That goes a long way to containing the damage Stage fright and similar code-execution exploits can do. In theory, for instance, it should prevent exploits from sniffing login credentials used by a properly designed banking app.
The attacker would have remote arbitrary code execution and thus escaping the sandbox is only a small step away," Drake said. He said existing root exploits, including those known PingPongRoot, Towelroot, and put_user, would likely help an attacker break free of the sandbox and gain much wider control over a vulnerable device
Post a Comment
Thank you for visiting Afridi's Technoworld