Stories
Slash Boxes
Comments

SoylentNews is people

Silent MMS Exploit Affecting All Android Phones Since 2.2

posted by takyon on Tuesday July 28 2015, @02:20PM   Printer-friendly
from the multimalware-messaging-service dept.

pillo writes:

Ars reports on a serious Android exploit to be disclosed at the upcoming BlackHat:

Almost all Android mobile devices available today are susceptible to hacks that can execute malicious code when they are sent a malformed text message.

The vulnerability affects about 950 million Android phones and tablets, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. It resides in "Stagefright," an Android code library that processes several widely used media formats. The most serious exploit scenario is the use of a specially modified text message using the multimedia message (MMS) format. All an attacker needs is the phone number of the vulnerable Android phone. From there, the malicious message will surreptitiously execute malicious code on the vulnerable device with no action required by the end user and no indication that anything is amiss.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Silent MMS Exploit Affecting All Android Phones Since 2.2 | Log In/Create an Account | Top | 19 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday July 28 2015, @04:00PM

    by Anonymous Coward on Tuesday July 28 2015, @04:00PM (#214911)

    i don't get it.

    wifi or GSM .. it's the same. the difference is the "capture portal/billing" function and the wattage output power ...
    why can i not just go to a website "updatemyandroid.com" with my wifi-phone (via free wifi or paid GSM) click a link,
    select my candy version and get an update?

    anyways, i guess my tactics of waiting for a "mature" version until jellybean didn't pay off.
    got newbie-beta-tester trampled nevertheless : (

    dumb phone and SIM-less tablets for me ...

  • (Score: 3, Insightful) by tathra on Tuesday July 28 2015, @04:11PM

    by tathra (3367) on Tuesday July 28 2015, @04:11PM (#214918)

    why can i not just go to a website "updatemyandroid.com" with my wifi-phone (via free wifi or paid GSM) click a link,
    select my candy version and get an update?

    because every phone manufacturer has their own customized, proprietary version of android. there's no money in letting the idiotic consumers do their own updates. better to kill old models off after a few months and force them to buy the new model. yay capitalism!

    • (Score: 3, Touché) by WillR on Tuesday July 28 2015, @06:38PM

      by WillR (2012) on Tuesday July 28 2015, @06:38PM (#214989)

      because every phone manufacturer has their own customized, proprietary version of android.

      ...and every carrier insists on having time to "test" every minor Android release "for quality"

      (read: "sit on updates long enough that you'll just buy a new goddamn phone already, Jesus it's been nearly a year already you Luddite! UPGRADE YOUR PHONE! IT'S FREE*")

      *"Free" as in $1200 spread out over 24 monthly payments.