14 DAY TRIAL // Worried about whether your Android device is really secure? You should be. Researches have announced they have found a vulnerability in Google’s Android operating system which allows hackers to access the system without the owners being aware of it.
What’s more, the flaw is said to be affecting a whopping 95% of Android devices running version 2.2 to 5.1 of the operating system, reports cybersecurity firm Zimperium.
At the center of everything sits a media library app that is used for the processing of media files called Stagefright. Zimperium says that the tool has several vulnerabilities built directly into its framework.
The attack is delivered to owners of Android devices by virtue of a simple multimedia text. But according to the report, Google has sent out to its partners patches meant to fix this grave vulnerability. However, the firm believes most manufacturers haven’t taken steps to ensure customers’ data is safeguarded.
You wouldn't even know you're being hacked
Once the exploit message is delivered, hackers would be able to write code to the device and steal data from sections with which Stagefright is connected. This means they could get access to audio or media files or photographs stored via SD cards. What’s more, the hacker could even start to remotely operate the phone’s microphone, read emails, and so on.
These vulnerabilities are extremely dangerous because they don’t specifically need the victim to take any action whatsoever. Zimperium explains that, unlike spear-phishing where you need to open a PDF or a link from the attacker, this vulnerability can actually be triggered while the user is asleep and not using the phone per se.
So when you wake up, you’ll be walking around with an “infected” phone and you’ll have no idea that this is the case.
The research firm also points out that, on some older devices, including Samsung S4 and LG Optimus Elite, the process runs with system-level privileges, so hackers are basically given wide access to the phone.
Zimperium plans to present the above findings at the Black Hat 2015 security conference and at the hacking conference Def Con in August.