Silent Killer: Android Stagefright Security Flaw Threatens 950M Mobiles
What is the Stagefright Flaw?
The Android Stagefright security flaw is a set of serious security vulnerabilities located within the Android operating system (OS) Stagefright media library, which processes several popular forms of media. Moreover, according to Joshua Drake, VP of research and exploitation at Zimperium zLabs, Stagefright could seriously compromise 950 million (95%) android mobile devices. Moreover, the mobile security threat could lead to computer hackers taking control of millions of Android mobile devices by simply sending a specially crafted media file via text message. Even though Zimperium zLabs developed a patch for Google to fend off Stage Fright in April – customers still face permanent exposure to Stagefright flaws, due to mobile device manufacturers not diligently updating older model mobile operating systems for their customers.
Who’s at Risk?
Joshua Drake states that anyone running Android 2.2 and up is vulnerable and more specifically, Android Jelly bean 4.1-4.31 users (10%) are most at risk due to inadequate exploit mitigation.
How does the Stagefright Flaw Work?
According to Drake in a recent blog post on July 27, the Stage Fright Flaw can be remotely executed by a computer hacker using various methods,” including a potential spear-phishing attack that could be used to seize control of the phone with no interaction, after which the attacker could automatically delete the related signs of compromise.” What makes this type of Android mobile security threat so dangerous is that your device can be attacked without you even noticing it. All the computer hacker has to do is figure out your mobile phone number and send you a specially crafted media file via text message.
What Can I do to Protect My Android Mobile Device?
Make sure you check and see what version of Android your smartphone is currently running and contact your smartphone service provider to see if they are going to create a Stagefright patch for your specific Android device’s O.S. In the meantime while you’re waiting for a Stagefright patch for your smartphone, you should avoid using Google Hangouts’ text messaging service, auto-retrieval of text messages, and if you really want to be safe it is advised to download and install TextSecure, which is a Free encrypted text messaging platform available from the Google Play store.
Issues With Faster Mobile Patch Delivery
According to Andrew Hoog, CEO of mobile security firm NowSecure, the main issue with getting mobile security vulnerability patches out quickly to ISP’s and vendors is that these patches can be expensive and very time consuming, since OEM’s need to test and code specific patches for their smartphones. Whereas, as Hoog points out, “Google can patch them incredibly quickly and (the patches) sometimes sit forever and never make it out to a phone”. In fact, the SwiftKey flaw that affects an estimated 600 million Samsung smartphones, which was discovered by NowSecure earlier this year, still remains unpatched, even though it can essentially gain control and re-program Samsung smartphones.
According to Zimperium, patches for the Stage Fright flaw could be delayed longer than previous security patches for similar mobile security threats, since the user’s android mobile devices OS firmware first has to be updated. In fact, Zimperium states that “devices older than 18 months are unlikely to receive an update at all”.
Discover Today How IPR Can Help Protect Your Mobile Workforce!
If you’re looking for safer and flexible IT security solutions for your business, IPR International offers a robust spectrum of IT security solutions for small to large businesses, such as
To request a Free quote visit: http://iprsecure.com/request-quote or call 877.282.4873 (Today!
Zimperium. Experts Found a Unicorn in the Heart of Android.