News Nearly 1 billion phones can be hacked with 1 text

Discussion in 'The Howard Stern Show' started by dawg, Jul 27, 2015.

  1. dawg

    dawg In The Dog House Staff Member

    Reputations:
    59,988
    Joined:
    Aug 19, 2010
    Messages:
    129,182
    Likes Received:
    108,610
    android-logo.jpg

    “Stagefright” is one of the worst Android vulnerabilities to date.


    So listen: Can I have your number?

    Can I have it? Can I? Have it?

    Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system.

    That’s the only thing a hacker needs to compromise a handset.

    A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on.

    Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised.

    Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.

    “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” he writes on his company’s blog. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

    When Drake reported the severe vulnerabilities along with potential fixes to Google GOOG 0.63% in April (as well as another set May), the company, he writes, “acted promptly and applied the patches to internal code branches within 48 hours.” That doesn’t mean the problem is resolved, however.

    As Forbes reporter Thomas Fox-Brewster writes, device manufacturers will still need to push the updates out in order to safeguard their customers. Google’s major Android partners, which include phone-makers like LG, Lenovo LNVGY -5.15% , Motorola MSI -1.39% , Samsung SSNLF -3.23% , and Sony SNE -1.37% were not immediately available to comment. (Fortune will update this when we hear back.)

    An HTC HTC 0.00% spokesperson responded: “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

    Drake praises the security firm Silent Circle, based in Geneva, Switz., which makes the Blackphone handset, for its quick response protecting users since it released PrivatOS version 1.1.7. He also praises Mozilla, maker of the Firefox web browser, for including fixes since version 38. “We applaud these vendors for prioritizing security and releasing patches for these issues quickly.”

    “This is Heartbleed for mobile,” said Chris Wysopal, chief tech and information security officer at the application security firm Veracode. These vulnerabilities “are exceedingly rare and pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.”

    Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month.

    So, um, can I have your number?

    http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/
     
  2. flonsta

    flonsta Well-Known Member

    Reputations:
    1,941
    Joined:
    Oct 22, 2012
    Messages:
    920
    Likes Received:
    2,099
    It'd be cool if Drake the rapper joined this other Drake guy to fight this scourge.
     
  3. Batwings

    Batwings Well-Known Member VIP

    Reputations:
    162
    Joined:
    Jan 20, 2012
    Messages:
    1,108
    Likes Received:
    828
    Isn't that loosely the plot to the "Kingsman"?
     
  4. RonHeinzkaboot

    RonHeinzkaboot Adultophile Gold

    Reputations:
    531
    Joined:
    Aug 14, 2013
    Messages:
    20,174
    Likes Received:
    18,794
    [​IMG]
     
    cwok likes this.
  5. Bryce

    Bryce 2018 KOTY, The Bar Gold

    Reputations:
    30,404
    Joined:
    Apr 15, 2014
    Messages:
    7,200
    Likes Received:
    18,858
    good thing im still on iphone 3gs

    :ublob:
     
  6. Limo Wreck

    Limo Wreck Aboard the great mothership Gold

    Reputations:
    2,285
    Joined:
    Dec 13, 2011
    Messages:
    9,001
    Likes Received:
    19,605
    When you name your operating system candy cane, lollipop or cotton candy, im gonna have a hard time taking it seriously.
     
    BrulesRules likes this.
  7. Calloused Shins

    Calloused Shins Well-Known Member

    Reputations:
    9,329
    Joined:
    Oct 17, 2014
    Messages:
    7,894
    Likes Received:
    13,399
    All they'll find on my "smart" phone is this place and 23 hour sports and porn coverage
     
  8. StRyDeRxX

    StRyDeRxX Bling Bling Gold

    Reputations:
    1,464
    Joined:
    Mar 4, 2012
    Messages:
    11,990
    Likes Received:
    13,471
    :eek:
     
  9. AllAboutHim Ed

    AllAboutHim Ed #mypurpose VIP

    Reputations:
    4,367
    Joined:
    Jan 1, 2014
    Messages:
    7,670
    Likes Received:
    11,754
    Oh the droidtards would be loving this if it were a problem for iPhones. I'm sure patching tens of millions of phones owned by your average low information android user will be very easy though.
     
    Bryce likes this.
  10. Droog

    Droog Well-Known Member VIP

    Reputations:
    10,050
    Joined:
    Jan 15, 2012
    Messages:
    16,780
    Likes Received:
    22,056
    No surprise. I'm not a fan of Android to begin with, but now that smartphone OS's are doing more and more, they're also becoming more like a regular PC. A billion people is worth spending time finding ways to hack in. With each version, phone operating systems become more bloated and more vulnerable.
     
  11. BrulesRules

    BrulesRules Just grab 'em in the biscuits VIP

    Reputations:
    63,442
    Joined:
    Jan 18, 2012
    Messages:
    146,264
    Likes Received:
    73,891
    I will not celebrate this news like my Android friends would an Apple hack. Just buy whatever phone you like and leave other people alone.
     
  12. Bryce

    Bryce 2018 KOTY, The Bar Gold

    Reputations:
    30,404
    Joined:
    Apr 15, 2014
    Messages:
    7,200
    Likes Received:
    18,858
    its "slower than dogshit" as we say in the pc repair world

    but it works :grad:
     
  13. Nick Manning

    Nick Manning Well-Known Member

    Reputations:
    2,543
    Joined:
    Jan 17, 2012
    Messages:
    3,369
    Likes Received:
    5,140
    Good thing that The Wig is still on Lotus Notes!
     
    HorseFanNetwork, Batwings and dawg like this.
  14. WillyBest

    WillyBest Achiever Gold

    Reputations:
    48,516
    Joined:
    Feb 7, 2012
    Messages:
    26,621
    Likes Received:
    29,104
    They can't get me, I'm on SIM cards!
     
  15. HorseFanNetwork

    HorseFanNetwork Well-Known Member

    Reputations:
    942
    Joined:
    Jan 15, 2012
    Messages:
    2,392
    Likes Received:
    3,971
    luckily i have a dumb outdated phone that barely works.
     
    dawg likes this.