Earlier this year, researcher Joshua Drake, an employee at the mobile security firm Zimperium, discovered a dangerous bug in the android mobile operating system. So dangerous in fact, that a hacker only needs a person's phone number in order to execute an attack against their phone.
Hackers can exploit android devices by sending a text message, and even if the owner doesn’t open the message, so long as multimedia messaging services on the device within settings is activated, the phone will become infected. This is because multimedia messaging services, media services that are built within the operating system, automatically process information like text and video messages once the phone receives an incoming message.
That's why a user can be extremely cautious and follow good security practices, but still get infected with this bug, as this bug doesn't rely on a user's poor web-surfing habits, but rather the vulnerability in the android operating system.
The bug has been labeled as Stage Fright because the vulnerability lies in a multimedia player component in the android named Stage Fright. In fact once a hacker has infected the user's device, he or she can virtually do anything multimedia wise to their device. He or she could send infected messages to the user's contacts, access their camera and microphone without their knowledge, and even send and record video without them ever knowing.
This is because when the android device was created, the creators gave the multimedia component Stage fright systems permissions, the second highest level of permissions on the device. This means the hacker can do whatever they want with the user's multimedia and messaging. Additionally, since they have systems permissions, they can also execute files to keep themselves hidden so the user finds no traces of their activity. This means that the user may never know a picture was taken or may never even receive an acknowledgement from their phone that their camera is on, as most phones display a bright light when their video player is recording.
Despite the dangers of Stage Fright exploitation, users can protect themselves by turning the auto retrieve messaging feature off.
By going to each of their messaging apps and disabling the auto retrieve option in settings, user's disable their phone from automatically processing every message it receives. This allows the user to remove the threat of being infected by simply receiving any message.Disabling multimedia messaging services will then prompt the user on whether or not they wish to accept any new multimedia message they receive, thus allowing them to at least have a chance to potentially protect themselves by filtering out potentially infected multimedia messages. This way if a user receives a message from an unrecognizable phone number, he or she can protect themselves by clicking reject to reject the message, thus avoiding activation of the malware within that potentially infected message.
Disabling multimedia messaging services must be done, however, with all applications that use this service, including the default applications that came with the phone like messenger and google hangouts. As the exploit is at the core of the android’s operating system, and it uses the multimedia messaging service to carry out its malicious acts, therefore any external downloaded applications onto the phone can cause issues if its multimedia messaging services is on.
To make matters worse, a combined study done by Kaspersky lab and Interpol found that majority of cyber mobile threats were geared towards attacking the android device. This means that there could be hackers trying to develop derivatives of this virus in order to continue hacking android, even after a solution is made for the core issue. Fortunately, users have a few other precautions, besides disabling multimedia messaging services, they can take to ensure they aren't a victim of the Stage Fright exploitation.
Android users can take extra precaution against Stage Fright hacks by keeping phone software updated and using helpful third party applications.
Although it is a good start, completely disabling all the multimedia messaging services on your phone isn’t the only thing you can do to stay protected. Users should also make sure their android device's operating system is updated to the latest version, as google has released several patches to try and remedy this problem.
One software patch in one of the updates by google, actually disables its own messenger and hangout apps from automatically processing video messages in the background. This provides users a bit of comfort, as they don't have to worry about their phones getting infected even if they do receive malicious video messages.
One software patch in one of the updates by google, actually disables its own messenger and hangout apps from automatically processing video messages in the background. This provides users a bit of comfort, as they don't have to worry about their phones getting infected even if they do receive malicious video messages.
Unfortunately many cell phone carriers and manufacturers are responsible for software updates which will cause a delay in updates being pushed out since there are so many android users. Not to mention only few carriers and manufacturers have applied the software patch to the android devices so far. Some android devices, especially very old devices, may never receive an update at all as there are just too many android users to be able to deliver a security patch to every single user.
This may leave many users no choice but to have to buy a new phone or switch carriers. There are some users, though that still want to keep their phone. So Zimperium, the company that discovered the Stage Fright application, created a mobile app that scans your phone and will assess any potential vulnerabilities in your device. Allowing users to make informed choices regarding their android device.
Although the application cannot remedy the problem, as that must come from a software patch from either the users carrier or manufacturer, the app at least lets the user know if their phone has the potential to be infected. Nonetheless this is a serious issue that hopefully will have a concrete solution soon, otherwise thousands of hackers could potentially damage a lot of peoples lives by continuing to have access to their private information on their mobile devices.
No comments:
Post a Comment