Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Tuesday July 28 2015, @02:20PM   Printer-friendly
from the multimalware-messaging-service dept.

Ars reports on a serious Android exploit to be disclosed at the upcoming BlackHat:

Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message.

The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in "Stagefright," an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by physicsmajor on Tuesday July 28 2015, @02:53PM

    by physicsmajor (1471) on Tuesday July 28 2015, @02:53PM (#214859)

    Here is how to prevent automatic background downloading of MMS messages. Doesn't fix the problem but you'd have to click first, instead of having them silently execute.

    https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html [twilio.com]

    Starting Score:    1  point
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 1, Insightful) by Anonymous Coward on Tuesday July 28 2015, @04:02PM

    by Anonymous Coward on Tuesday July 28 2015, @04:02PM (#214912)

    the instructions are provided as a video or animated gif?

    The world is ending. It may have ended. To witness that simple instructions now require a video tutorial to ensure that people can follow along. Maybe instead of eternal september, we now have a frozen turkey november. Because the same people will not know to defrost the turkey first prior to cooking, and require a video to explain why they can't follow the animated turkey preparation instructions on Thanksgiving since the turkey is still frozen.

    *frozen turkey's in November being a US centric thing

    At least toothpick instructions have not yet required a video. That'll be next, and Wonko will probably manage to follow the dolphins.