Android Bug Overview
Security experts at Zimperium, a United States-based mobile security company, identified a major vulnerability in Android’s operating system that leaves as many as 95 per cent of all Android devices open to attack. Even more frightening – hackers can exploit this vulnerability to gain unfettered remote access to users’ phones without users ever knowing.
Stagefright – A Silent Way In
In order for a cyber criminal to gain access to a device, he or she often needs the victim to take some action, like clicking on a link in an email. In the case of the Stagefright bug, the hacker only needs the user’s phone number to find a way in.
The vulnerability resides in Stagefright, an Android media playback tool. In order to save the user time, Stagefright “previews” multimedia messages (MMS) so that the user doesn’t have to wait as long for something like a video to load.
Related Matters: Stagefright 2: all versions of Android since 2010 hit by privacy-busting flaw
To exploit the vulnerability, a hacker merely has to embed a malicious code into a video, send the video in an MMS and wait for it to arrive. Even if the user never opens the message, Stagefright’s preview tool allows the hacker to gain remote access to the user’s phone.
Once a hacker has gained access to the device, there’s theoretically no limit to what he or she can do. The hacker could download the user’s email or contacts list, hijack the phone’s camera and microphone, or even use the phone’s GPS to track the user’s location.
Android Bug Patches, Solutions And Problems
The good news is that Google – the company that makes the Android operating system – is aware of the vulnerability and has designed patches to fix the problem. The bad news is that Google can’t simply send the patch out to the affected users.
Unlike Apple, which provides updates for its operating systems directly to customers who purchase its hardware, Google relies upon device manufacturers, and sometimes phone carriers, to provide users with updates. Making matters more complicated, those manufacturers and carriers also modify the operating systems. So even with Google’s patches, it might take even more time to make sure the patch works on each particular device and for each cellphone carrier.
Android Bug – Be Proactive
Device manufacturers and carriers are currently busy working on the problem – according to their own timetables.
Related Matters: BYOD Risk: Cyber Tips For Employees Using Personal Electronic Devices
The best thing you can do is be proactive. Check for and install any updates on your device, and find out when your device’s manufacturer and your carrier will be issuing patches.
An ALIGNED Advocate can provide expert guidance about cyber insurance and risk management best practices for your organization. Talk to one of our advocates today about how we can help you secure the best products, services and insurance solutions for your business.
|ALIGNED Across Canada 100% Canadian owned, ALIGNED is a premiere insurance brokerage that serves more than 1,400 clients across the country. ALIGNED’s offices in Toronto, Calgary and Vancouver are supported by a national operations centre in Cambridge, Ontario. Uniquely within the industry, ALIGNED creates, negotiates and delivers the best business insurance and risk management strategies/solutions to organizations like yours.|
Source(s): The Guardian © 2015 Zywave, Inc. All rights reserved. The content of this News Brief is of general interest and is not intended to apply to specific circumstances. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and should not be relied upon as such.