Results 1 to 12 of 12

The worst Android vulnerability in Mobile OS history is back!

  1. #1
    Gold Member webworld's Avatar
    Join Date
    Sep 2015
    Posts
    794

    Exclamation The worst Android vulnerability in Mobile OS history is back!

    As per report from researchers a second wave of so called stagefright bugs are back which could affect a billion Android handsets. These bugs can help hackers take control of old Android handsets just by sending a message through MMS. Almost all prominent Android phone makers are rolling out security patches regularly to deal with this situation. The importance of software update is becoming more indispensable.

    This is considered as the worst Android vulnerability in the history. It could infect Android phones by simply receiving a MMS message even if it remain unopened! Then it would be easy for hackers to target their prey. The new Stagefright 2.0 is specially crafted for MP3 audio and MP4 video files.

  2. #2
    Banned
    Join Date
    Sep 2015
    Posts
    208

    Default

    This is quite serious problem and thank you for sharing it @webworld. Google in cooperation with Zimperium is making an action to produce a patch to Android devices. Fortunately the list of Stagefright patched devices are:

    Moto G 2015 (Motorola)
    Moto X Play (Motorola)
    Moto X Style (Motorola)
    Moto X 2014 (Pure Edition)
    Moto X 2013 (Pure Edition)
    Nexus 6 (Google, US Cellular) (Sprint)
    Nexus 5 (Google) (Sprint)
    Nexus 4 (Google)
    Nexus 7 (2013) (Wi-Fi) (Google)
    Nexus 7 (2013) (LTE) (Verizon)
    Nexus 9 (LTE and Wi-Fi) (Google)
    Nexus 10 (Google)
    Samsung Galaxy S6 (AT&T) (Verizon) (Sprint)
    Samsung Galaxy S6 edge (Verizon) (AT&T) (Sprint)
    Samsung Galaxy S6 Active (AT&T)
    Samsung Galaxy S5 Active (AT&T)
    Samsung Galaxy S5 Sport (Sprint)
    Samsung Galaxy S5 (T-Mobile) (AT&T) (Sprint)
    Samsung Galaxy S4 (Verizon) (Sprint)
    Samsung Galaxy S4 with Sprint Spark (Sprint)
    Samsung Galaxy S4 Mini (Sprint)
    Samsung Galaxy S3 (Sprint)
    Samsung Galaxy S3 with Sprint Spark (Sprint)
    Samsung Galaxy Note 4 (T-Mobile) (AT&T) (Sprint)
    Samsung Galaxy Note Edge (T-Mobile) (Verizon) (Sprint)
    Samsung Galaxy Note 3 (Sprint)
    Samsung Galaxy Mega (Sprint)
    Samsung Galaxy Grand Prime (Sprint)
    Samsung Galaxy Tab S (Sprint)
    Samsung Galaxy Tab 4 10.1 (Verizon)
    Samsung Galaxy Tab 3 (Sprint)
    Alcatel OneTouch Idol 3 (Source)
    ASUS ZenFone 2 (ASUS)
    OnePlus One (OnePlus)
    HTC One M9 (AT&T)
    HTC One M8 (Sprint) (AT&T)
    HTC One M8 Harmon Kardon Edition (Sprint)
    HTC One E8 (Sprint)
    HTC One M7 (Sprint)
    HTC Desire 510 (Sprint)
    LG G4 (T-Mobile) (AT&T)
    LG G Flex 2 (Sprint)
    NVIDIA SHIELD Tablet (NVIDIA)

    If your device is not on the list, the best possible way to protect your device is disabling auto-retrieve in your messaging platforms, since this vulnerability attacked through sending an MMS.

  3. #3
    Junior Member
    Join Date
    Jun 2014
    Posts
    58

    Default

    This is nothing new. In the digital world there will always exist vulnerabilities and zero day exploits.

    The most interesting thing is not all vulnerabilities are reported back to the vendor. Many of them are sold on the black market for a high price.
    We should not be frightened by such news. This would be routine stuff from now on.

    Speaking about the Stagefright 2.0, this requires a specially crafted MP3 or MP4 file. So for the time being it is wise to not open untrusted links.
    This vulnerability will likely have an impact on the popularity of Android. Apple with their iOS will benefit.

  4. #4
    Gold Member webworld's Avatar
    Join Date
    Sep 2015
    Posts
    794

    Default

    Quote Originally Posted by qwerty View Post
    This is nothing new. In the digital world there will always exist vulnerabilities and zero day exploits.

    The most interesting thing is not all vulnerabilities are reported back to the vendor. Many of them are sold on the black market for a high price.
    We should not be frightened by such news. This would be routine stuff from now on.

    Speaking about the Stagefright 2.0, this requires a specially crafted MP3 or MP4 file. So for the time being it is wise to not open untrusted links.
    This vulnerability will likely have an impact on the popularity of Android. Apple with their iOS will benefit.
    Yes, I admit the fact that we can see similar news almost every other day, especially Android related ones. Android is becoming an easy target for hackers, may be because of its wide popularity. I think what is fatal about this bug is that you don't have to download anything to get infected. If you just open the MMS that is enough for this bug to enter into the system and allow a hacker to take control of the device.

    Yes, this can seriously affect the popularity of Android OS and may badly influence the sale of the most awaited foldable phones by Samsung.

  5. #5
    Banned
    Join Date
    Sep 2015
    Posts
    208

    Default

    This vulnerability has previously been known, and now a second attempt to threathen Andoid users because of this vulnerability is being made. It is quite serious not to ignore because as what @webworld mentioned, you don't need to be reminded when this crafted maliciously made MP3/MP4 files attacked your device. As an MMS is received, the malicious file will automatically be downloaded and target the Stagefright exploit leaving your files freely to access. The worst thing is that, it can access your contacts and that way the malicious files continue to spread.

    Goggle and Ziperium is doing their best to protect Android users from the possible threat.

  6. #6
    Silver Member pwarbi's Avatar
    Join Date
    Sep 2015
    Posts
    488

    Default

    And just as they fix one problem, another one pops up. As long as there is technology, then there will always be people willing to try and steal information.

    I think these big companies have accepted that, and now instead of trying to stop them in the first place, I think they're just all about trying to stay one step ahead.

  7. #7
    Banned
    Join Date
    Sep 2015
    Posts
    208

    Default

    Quote Originally Posted by pwarbi View Post
    And just as they fix one problem, another one pops up. As long as there is technology, then there will always be people willing to try and steal information.

    I think these big companies have accepted that, and now instead of trying to stop them in the first place, I think they're just all about trying to stay one step ahead.
    They probably became used to it. Having the same problem in the same area of specification which is their security measures will continue as their name in mobile world is known. Even their OS openness is barely exposed, so what would be the hacker's reaction? Expect the expected, indeed. Lucky to those mobile users who can get the patch compatibility, because the more recent the version might get the chances of having cured from this threat. Why think of other versions, anyway, since their moving forward and not backwards.

  8. #8
    Silver Member pwarbi's Avatar
    Join Date
    Sep 2015
    Posts
    488

    Default

    While I accept the fact that companies will be more concerned with making sure the current devices and future ones are safe to use, if they have found a security alert that can affect all the older devices as well I think they should really patch those as well.

    You could say it's not the fault of the company's but the fault of the hackers, but at the same time it's not the fault of the users of the devices either so I'm sure if they can plug the security breach in the new OS, it won't take them that long to be able to come up with a patch to secure the older versions as well.

  9. #9
    Banned
    Join Date
    Sep 2015
    Posts
    208

    Default

    Yeah, we might be hoping of the probabilities then, rather than possibilities. Hope we have the patches before its too late. Well, its really not the company's fault at all because they're just innovating to provide us (users) the perfect device that we "need", not just what we "want".

  10. #10
    Silver Member pwarbi's Avatar
    Join Date
    Sep 2015
    Posts
    488

    Default

    I think it is more possible than probable like you say but we can live in hope.

    I think it's to much to ask for a company to deliver updates across all of their product range, but when it comes to security I'd want them to do more than just securing the latest devices.

  11. #11
    Banned
    Join Date
    Sep 2015
    Posts
    208

    Default

    Well, you have your point there, as long as the older versions are not affected by any threat, it is still useable. So, no need to demand for patches if there's none. But the damage that can be done by a possible threat can't be reconsidered and switching to a new device is not financially easy.

    This threat is quite serious to affect billions of users, if dissiminated. It is not the company's fault, nor the user's. But at least a solution must take its place to rescue the possible exploitation of vulnerability to those users.

  12. #12
    Silver Member pwarbi's Avatar
    Join Date
    Sep 2015
    Posts
    488

    Default

    All OS get attacked on a daily basis, it just seems that android gets attacked more than the others, simply down to the fact its the most popular.

    There will always be security updates and it will always be a battle to keep the hackers out, but unfortunately that's the way it is these days in regards to technology.

Similar Threads

  1. Which is better Android or Windows mobile phone
    By Sal in forum Operating Systems
    Replies: 33
    Last Post: 9th January 2016, 03:15 AM
  2. Android Lockscreen Vulnerability
    By Rubie in forum Android
    Replies: 2
    Last Post: 29th September 2015, 06:52 AM
  3. Replies: 8
    Last Post: 15th November 2014, 10:28 AM
  4. Spice MiTab, an Android tablet with HD video play back
    By meetdilip in forum Home Appliances and Gadgets
    Replies: 0
    Last Post: 25th September 2011, 04:13 AM
  5. I want back my PC version of yahoo mail on Mobile!!
    By bhvm in forum Broadband How to
    Replies: 0
    Last Post: 2nd October 2010, 01:11 PM