Wednesday, July 29, 2015
Cyber security firm Zimperium on Monday warned of a flaw in the world's most popular smartphone operating system that lets hackers take control with a text message.
"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message)," Zimperium Mobile Security said in a blog post. "A fully weaponized successful attack could even delete the message before you see it. You will only see the notification." Zimperium says the Android code dubbed "Stagefright" was at the heart of the problem.
Stagefright automatically pre-loads video snippets attached to text messages to spare recipients from the annoyance of waiting to view clips. Hackers can hide malicious code in video files and it will be unleashed even if the smartphone user never opens it or reads the message, according to research by Zimperium's Joshua Drake. "The targets for this kind of attack can be anyone," the cyber security firm said, referring to Stagefright as the worst Android flaw discovered to date.
"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited." Malicious code executed by hackers could take control of smartphones and plunder contents without owners knowing. Stagefright imperils some 95%, or an estimated 950 million, of And-roid phones, according to the security firm.
By: DocMemory Copyright © 2023 CST, Inc. All Rights Reserved
|