Researchers have found a vulnerability in Android devices that allows hackers to access a device remotely without the owner ever knowing it was compromised. The flaw affects roughly 95 percent of Android devices running OS version 2.2 to 5.1, according to cybersecurity firm Zimperium.
Zimperium says it found multiple vulnerabilities in the framework. The company plans to present its researches at the Black Hat 2015 security conference and at the hacking conference Def Con in August.
By Using a person’s telephone number, hackers send a media file via MMS that gives them entry into a device. What’s more, the owner of the device may never know. Once the exploit is completed, a hacker can remotely operate a phone’s microphone, steal files, can read emails, and get personal credentials.
These vulnerabilities are extremely dangerous because they do not require that victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any sign of the device being compromised & you will continue your day as usual – with a trojaned phone,” says Zimperium chief technology officer Zuk Avraham.
Android owners can also reach out to their telecom providers & device manufacturers to ensure their phones get the update. Nicely, Google has applied patches to the Android Open Source Project, Zimperium says device owners should be proactive in updating their phones.
Google thanked the lead researcher who found the Stagefright vulnerability, Joshua Drake, and noted that most Android devices have technology in place to deter exploitation.
You can read the full comment below.
“The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device. Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult.
Android devices also include an application sandbox designed to protect user data and other applications on the device.”