Monday, July 27, 2015

Stagefright: a simple MMS to control 95% of Android smartphones? – ZDNet France

New alert around Android. This time it is the Zimperium researchers who got hold of a critical vulnerability in the source code of the green robot. The vulnerability is rather wild and discreet …

It is located in the Stagefright media library framework that allows playback of video files including. Developed in C ++, this library is sensitive to memory corruption. All Android phones from version 2.2 are concerned, which according Zimperium equivalent to more than 950 million devices. Enough to make him say that this flaw is the most serious ever found on Android.

The main problem is its usability as an MMS suffice specially designed to ship the malicious code. Worse, said MMS can be sent even silently, without the user noticing, the message being deleted before its opening (a communication nevertheless allows to be alerted). But the simple fact of having received sufficient for the trap closes. Then the attacker can do pretty much what he wants: listen to the microphone, copy files, read emails etc …

Google is aware of this and put critical flaw update the source code of Android Open Source Project (AOSP). But manufacturers also need to take over in order to propose an update to their users, and it is in this interval that this vulnerability could be exploited. Will they do for all their terminals, even the elders? I must say it will be publicly unveiled at the Black Hat conference on 5 August.

LikeTweet

No comments:

Post a Comment