News Nearly 1 billion phones can be hacked with 1 text

Discussion in 'The Howard Stern Show' started by dawg, Jul 27, 2015.

  1. dawg

    dawg In The Dog House Staff Member

    Reputations:
    540,837
    Joined:
    Aug 19, 2010
    Messages:
    119,526
    Likes Received:
    90,841
    android-logo.jpg

    “Stagefright” is one of the worst Android vulnerabilities to date.


    So listen: Can I have your number?

    Can I have it? Can I? Have it?

    Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system.

    That’s the only thing a hacker needs to compromise a handset.

    A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on.

    Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised.

    Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.

    “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” he writes on his company’s blog. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

    When Drake reported the severe vulnerabilities along with potential fixes to Google GOOG 0.63% in April (as well as another set May), the company, he writes, “acted promptly and applied the patches to internal code branches within 48 hours.” That doesn’t mean the problem is resolved, however.

    As Forbes reporter Thomas Fox-Brewster writes, device manufacturers will still need to push the updates out in order to safeguard their customers. Google’s major Android partners, which include phone-makers like LG, Lenovo LNVGY -5.15% , Motorola MSI -1.39% , Samsung SSNLF -3.23% , and Sony SNE -1.37% were not immediately available to comment. (Fortune will update this when we hear back.)

    An HTC HTC 0.00% spokesperson responded: “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

    Drake praises the security firm Silent Circle, based in Geneva, Switz., which makes the Blackphone handset, for its quick response protecting users since it released PrivatOS version 1.1.7. He also praises Mozilla, maker of the Firefox web browser, for including fixes since version 38. “We applaud these vendors for prioritizing security and releasing patches for these issues quickly.”

    “This is Heartbleed for mobile,” said Chris Wysopal, chief tech and information security officer at the application security firm Veracode. These vulnerabilities “are exceedingly rare and pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.”

    Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month.

    So, um, can I have your number?

    http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/
     
  2. flonsta

    flonsta Well-Known Member

    Reputations:
    7,632
    Joined:
    Oct 22, 2012
    Messages:
    837
    Likes Received:
    1,779
    It'd be cool if Drake the rapper joined this other Drake guy to fight this scourge.
     
  3. Batwings

    Batwings Well-Known Member VIP

    Reputations:
    5,274
    Joined:
    Jan 20, 2012
    Messages:
    1,095
    Likes Received:
    812
    Isn't that loosely the plot to the "Kingsman"?
     
  4. RonHeinzkaboot

    RonHeinzkaboot Adultophile VIP

    Reputations:
    110,216
    Joined:
    Aug 14, 2013
    Messages:
    19,573
    Likes Received:
    17,955
    [​IMG]
     
    cwok likes this.
  5. stash

    stash 2017 Kimbra of All Media VIP

    Reputations:
    95,627
    Joined:
    Apr 15, 2014
    Messages:
    6,197
    Likes Received:
    16,120
    good thing im still on iphone 3gs

    :ublob:
     
  6. Limo Wreck

    Limo Wreck Aboard the great mothership Staff Member

    Reputations:
    103,352
    Joined:
    Dec 13, 2011
    Messages:
    8,827
    Likes Received:
    19,131
    When you name your operating system candy cane, lollipop or cotton candy, im gonna have a hard time taking it seriously.
     
    BrulesRules likes this.
  7. Calloused Shins

    Calloused Shins Well-Known Member

    Reputations:
    69,181
    Joined:
    Oct 17, 2014
    Messages:
    4,935
    Likes Received:
    8,310
    All they'll find on my "smart" phone is this place and 23 hour sports and porn coverage
     
  8. StRyDeRxX

    StRyDeRxX Bling Bling Gold

    Reputations:
    62,032
    Joined:
    Mar 4, 2012
    Messages:
    11,766
    Likes Received:
    12,869
    :eek:
     
  9. AllAboutHim Ed

    AllAboutHim Ed #mypurpose VIP

    Reputations:
    134,725
    Joined:
    Jan 1, 2014
    Messages:
    7,246
    Likes Received:
    10,880
    Oh the droidtards would be loving this if it were a problem for iPhones. I'm sure patching tens of millions of phones owned by your average low information android user will be very easy though.
     
    stash likes this.
  10. Droog

    Droog Well-Known Member VIP

    Reputations:
    134,953
    Joined:
    Jan 15, 2012
    Messages:
    15,118
    Likes Received:
    19,237
    No surprise. I'm not a fan of Android to begin with, but now that smartphone OS's are doing more and more, they're also becoming more like a regular PC. A billion people is worth spending time finding ways to hack in. With each version, phone operating systems become more bloated and more vulnerable.
     
  11. BrulesRules

    BrulesRules Just grab 'em in the biscuits VIP

    Reputations:
    349,317
    Joined:
    Jan 18, 2012
    Messages:
    133,705
    Likes Received:
    60,361
    I will not celebrate this news like my Android friends would an Apple hack. Just buy whatever phone you like and leave other people alone.
     
  12. stash

    stash 2017 Kimbra of All Media VIP

    Reputations:
    95,627
    Joined:
    Apr 15, 2014
    Messages:
    6,197
    Likes Received:
    16,120
    its "slower than dogshit" as we say in the pc repair world

    but it works :grad:
     
  13. Nick Manning

    Nick Manning Well-Known Member VIP

    Reputations:
    19,035
    Joined:
    Jan 17, 2012
    Messages:
    3,005
    Likes Received:
    4,181
    Good thing that The Wig is still on Lotus Notes!
     
    HorseFanNetwork, Batwings and dawg like this.
  14. WillyBest

    WillyBest Achiever Gold

    Reputations:
    250,898
    Joined:
    Feb 7, 2012
    Messages:
    24,521
    Likes Received:
    23,526
    They can't get me, I'm on SIM cards!
     
  15. HorseFanNetwork

    HorseFanNetwork Well-Known Member

    Reputations:
    24,110
    Joined:
    Jan 15, 2012
    Messages:
    2,057
    Likes Received:
    3,479
    luckily i have a dumb outdated phone that barely works.
     
    dawg likes this.