News Nearly 1 billion phones can be hacked with 1 text

Discussion in 'The Howard Stern Show' started by dawg, Jul 27, 2015.

  1. dawg

    dawg In The Dog House Staff Member

    Reputations:
    565,286
    Joined:
    Aug 19, 2010
    Messages:
    122,666
    Likes Received:
    96,996
    android-logo.jpg

    “Stagefright” is one of the worst Android vulnerabilities to date.


    So listen: Can I have your number?

    Can I have it? Can I? Have it?

    Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system.

    That’s the only thing a hacker needs to compromise a handset.

    A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on.

    Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised.

    Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.

    “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” he writes on his company’s blog. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

    When Drake reported the severe vulnerabilities along with potential fixes to Google GOOG 0.63% in April (as well as another set May), the company, he writes, “acted promptly and applied the patches to internal code branches within 48 hours.” That doesn’t mean the problem is resolved, however.

    As Forbes reporter Thomas Fox-Brewster writes, device manufacturers will still need to push the updates out in order to safeguard their customers. Google’s major Android partners, which include phone-makers like LG, Lenovo LNVGY -5.15% , Motorola MSI -1.39% , Samsung SSNLF -3.23% , and Sony SNE -1.37% were not immediately available to comment. (Fortune will update this when we hear back.)

    An HTC HTC 0.00% spokesperson responded: “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

    Drake praises the security firm Silent Circle, based in Geneva, Switz., which makes the Blackphone handset, for its quick response protecting users since it released PrivatOS version 1.1.7. He also praises Mozilla, maker of the Firefox web browser, for including fixes since version 38. “We applaud these vendors for prioritizing security and releasing patches for these issues quickly.”

    “This is Heartbleed for mobile,” said Chris Wysopal, chief tech and information security officer at the application security firm Veracode. These vulnerabilities “are exceedingly rare and pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.”

    Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month.

    So, um, can I have your number?

    http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/
     
  2. flonsta

    flonsta Well-Known Member

    Reputations:
    8,022
    Joined:
    Oct 22, 2012
    Messages:
    877
    Likes Received:
    1,909
    It'd be cool if Drake the rapper joined this other Drake guy to fight this scourge.
     
  3. Batwings

    Batwings Well-Known Member VIP

    Reputations:
    5,307
    Joined:
    Jan 20, 2012
    Messages:
    1,103
    Likes Received:
    823
    Isn't that loosely the plot to the "Kingsman"?
     
  4. RonHeinzkaboot

    RonHeinzkaboot Adultophile Gold

    Reputations:
    117,758
    Joined:
    Aug 14, 2013
    Messages:
    20,108
    Likes Received:
    18,704
    [​IMG]
     
    cwok likes this.
  5. Bryce

    Bryce 2017 Kimbra in Chief VIP

    Reputations:
    108,445
    Joined:
    Apr 15, 2014
    Messages:
    6,645
    Likes Received:
    17,345
    good thing im still on iphone 3gs

    :ublob:
     
  6. Limo Wreck

    Limo Wreck Aboard the great mothership Gold

    Reputations:
    103,759
    Joined:
    Dec 13, 2011
    Messages:
    8,883
    Likes Received:
    19,300
    When you name your operating system candy cane, lollipop or cotton candy, im gonna have a hard time taking it seriously.
     
    BrulesRules likes this.
  7. Calloused Shins

    Calloused Shins Well-Known Member

    Reputations:
    106,209
    Joined:
    Oct 17, 2014
    Messages:
    6,701
    Likes Received:
    11,200
    All they'll find on my "smart" phone is this place and 23 hour sports and porn coverage
     
  8. StRyDeRxX

    StRyDeRxX Bling Bling Gold

    Reputations:
    62,902
    Joined:
    Mar 4, 2012
    Messages:
    11,862
    Likes Received:
    13,159
    :eek:
     
  9. AllAboutHim Ed

    AllAboutHim Ed #mypurpose VIP

    Reputations:
    143,003
    Joined:
    Jan 1, 2014
    Messages:
    7,463
    Likes Received:
    11,409
    Oh the droidtards would be loving this if it were a problem for iPhones. I'm sure patching tens of millions of phones owned by your average low information android user will be very easy though.
     
    Bryce likes this.
  10. Droog

    Droog Well-Known Member VIP

    Reputations:
    147,306
    Joined:
    Jan 15, 2012
    Messages:
    15,802
    Likes Received:
    20,423
    No surprise. I'm not a fan of Android to begin with, but now that smartphone OS's are doing more and more, they're also becoming more like a regular PC. A billion people is worth spending time finding ways to hack in. With each version, phone operating systems become more bloated and more vulnerable.
     
  11. BrulesRules

    BrulesRules Just grab 'em in the biscuits VIP

    Reputations:
    395,463
    Joined:
    Jan 18, 2012
    Messages:
    139,810
    Likes Received:
    67,013
    I will not celebrate this news like my Android friends would an Apple hack. Just buy whatever phone you like and leave other people alone.
     
  12. Bryce

    Bryce 2017 Kimbra in Chief VIP

    Reputations:
    108,445
    Joined:
    Apr 15, 2014
    Messages:
    6,645
    Likes Received:
    17,345
    its "slower than dogshit" as we say in the pc repair world

    but it works :grad:
     
  13. Nick Manning

    Nick Manning Well-Known Member VIP

    Reputations:
    22,541
    Joined:
    Jan 17, 2012
    Messages:
    3,171
    Likes Received:
    4,603
    Good thing that The Wig is still on Lotus Notes!
     
    HorseFanNetwork, Batwings and dawg like this.
  14. WillyBest

    WillyBest Achiever Gold

    Reputations:
    257,266
    Joined:
    Feb 7, 2012
    Messages:
    25,464
    Likes Received:
    25,952
    They can't get me, I'm on SIM cards!
     
  15. HorseFanNetwork

    HorseFanNetwork Well-Known Member

    Reputations:
    25,197
    Joined:
    Jan 15, 2012
    Messages:
    2,228
    Likes Received:
    3,733
    luckily i have a dumb outdated phone that barely works.
     
    dawg likes this.