News Nearly 1 billion phones can be hacked with 1 text

Discussion in 'The Howard Stern Show' started by dawg, Jul 27, 2015.

  1. dawg

    dawg In The Dog House Staff Member

    Reputations:
    558,916
    Joined:
    Aug 19, 2010
    Messages:
    121,156
    Likes Received:
    94,512
    android-logo.jpg

    “Stagefright” is one of the worst Android vulnerabilities to date.


    So listen: Can I have your number?

    Can I have it? Can I? Have it?

    Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system.

    That’s the only thing a hacker needs to compromise a handset.

    A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on.

    Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised.

    Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.

    “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” he writes on his company’s blog. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

    When Drake reported the severe vulnerabilities along with potential fixes to Google GOOG 0.63% in April (as well as another set May), the company, he writes, “acted promptly and applied the patches to internal code branches within 48 hours.” That doesn’t mean the problem is resolved, however.

    As Forbes reporter Thomas Fox-Brewster writes, device manufacturers will still need to push the updates out in order to safeguard their customers. Google’s major Android partners, which include phone-makers like LG, Lenovo LNVGY -5.15% , Motorola MSI -1.39% , Samsung SSNLF -3.23% , and Sony SNE -1.37% were not immediately available to comment. (Fortune will update this when we hear back.)

    An HTC HTC 0.00% spokesperson responded: “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

    Drake praises the security firm Silent Circle, based in Geneva, Switz., which makes the Blackphone handset, for its quick response protecting users since it released PrivatOS version 1.1.7. He also praises Mozilla, maker of the Firefox web browser, for including fixes since version 38. “We applaud these vendors for prioritizing security and releasing patches for these issues quickly.”

    “This is Heartbleed for mobile,” said Chris Wysopal, chief tech and information security officer at the application security firm Veracode. These vulnerabilities “are exceedingly rare and pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.”

    Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month.

    So, um, can I have your number?

    http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/
     
  2. flonsta

    flonsta Well-Known Member

    Reputations:
    7,803
    Joined:
    Oct 22, 2012
    Messages:
    857
    Likes Received:
    1,836
    It'd be cool if Drake the rapper joined this other Drake guy to fight this scourge.
     
  3. Batwings

    Batwings Well-Known Member VIP

    Reputations:
    5,310
    Joined:
    Jan 20, 2012
    Messages:
    1,103
    Likes Received:
    824
    Isn't that loosely the plot to the "Kingsman"?
     
  4. RonHeinzkaboot

    RonHeinzkaboot Adultophile Gold

    Reputations:
    114,852
    Joined:
    Aug 14, 2013
    Messages:
    19,948
    Likes Received:
    18,402
    [​IMG]
     
    cwok likes this.
  5. Bryce

    Bryce 2017 Kimbra in Chief VIP

    Reputations:
    99,493
    Joined:
    Apr 15, 2014
    Messages:
    6,456
    Likes Received:
    16,739
    good thing im still on iphone 3gs

    :ublob:
     
  6. Limo Wreck

    Limo Wreck Aboard the great mothership Staff Member

    Reputations:
    104,440
    Joined:
    Dec 13, 2011
    Messages:
    8,874
    Likes Received:
    19,277
    When you name your operating system candy cane, lollipop or cotton candy, im gonna have a hard time taking it seriously.
     
    BrulesRules likes this.
  7. Calloused Shins

    Calloused Shins Well-Known Member

    Reputations:
    89,624
    Joined:
    Oct 17, 2014
    Messages:
    5,900
    Likes Received:
    9,908
    All they'll find on my "smart" phone is this place and 23 hour sports and porn coverage
     
  8. StRyDeRxX

    StRyDeRxX Bling Bling Gold

    Reputations:
    62,626
    Joined:
    Mar 4, 2012
    Messages:
    11,808
    Likes Received:
    13,017
    :eek:
     
  9. AllAboutHim Ed

    AllAboutHim Ed #mypurpose VIP

    Reputations:
    140,258
    Joined:
    Jan 1, 2014
    Messages:
    7,370
    Likes Received:
    11,166
    Oh the droidtards would be loving this if it were a problem for iPhones. I'm sure patching tens of millions of phones owned by your average low information android user will be very easy though.
     
    Bryce likes this.
  10. Droog

    Droog Well-Known Member VIP

    Reputations:
    142,666
    Joined:
    Jan 15, 2012
    Messages:
    15,449
    Likes Received:
    19,808
    No surprise. I'm not a fan of Android to begin with, but now that smartphone OS's are doing more and more, they're also becoming more like a regular PC. A billion people is worth spending time finding ways to hack in. With each version, phone operating systems become more bloated and more vulnerable.
     
  11. BrulesRules

    BrulesRules Just grab 'em in the biscuits VIP

    Reputations:
    374,081
    Joined:
    Jan 18, 2012
    Messages:
    137,244
    Likes Received:
    63,970
    I will not celebrate this news like my Android friends would an Apple hack. Just buy whatever phone you like and leave other people alone.
     
  12. Bryce

    Bryce 2017 Kimbra in Chief VIP

    Reputations:
    99,493
    Joined:
    Apr 15, 2014
    Messages:
    6,456
    Likes Received:
    16,739
    its "slower than dogshit" as we say in the pc repair world

    but it works :grad:
     
  13. Nick Manning

    Nick Manning Well-Known Member VIP

    Reputations:
    20,862
    Joined:
    Jan 17, 2012
    Messages:
    3,109
    Likes Received:
    4,400
    Good thing that The Wig is still on Lotus Notes!
     
    HorseFanNetwork, Batwings and dawg like this.
  14. WillyBest

    WillyBest Achiever Gold

    Reputations:
    258,528
    Joined:
    Feb 7, 2012
    Messages:
    25,012
    Likes Received:
    24,684
    They can't get me, I'm on SIM cards!
     
  15. HorseFanNetwork

    HorseFanNetwork Well-Known Member

    Reputations:
    24,575
    Joined:
    Jan 15, 2012
    Messages:
    2,133
    Likes Received:
    3,584
    luckily i have a dumb outdated phone that barely works.
     
    dawg likes this.