News Nearly 1 billion phones can be hacked with 1 text

Discussion in 'The Howard Stern Show' started by dawg, Jul 27, 2015.

  1. dawg

    dawg In The Dog House Staff Member

    Reputations:
    27,514
    Joined:
    Aug 19, 2010
    Messages:
    124,432
    Likes Received:
    101,061
    android-logo.jpg

    “Stagefright” is one of the worst Android vulnerabilities to date.


    So listen: Can I have your number?

    Can I have it? Can I? Have it?

    Um…maybe not. Actually, you should think twice before giving away your cell phone number—especially if you happen to own a phone that runs on Google’s Android operating system.

    That’s the only thing a hacker needs to compromise a handset.

    A mobile security researcher has uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on.

    Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised.

    Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.

    “These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited,” he writes on his company’s blog. “Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

    When Drake reported the severe vulnerabilities along with potential fixes to Google GOOG 0.63% in April (as well as another set May), the company, he writes, “acted promptly and applied the patches to internal code branches within 48 hours.” That doesn’t mean the problem is resolved, however.

    As Forbes reporter Thomas Fox-Brewster writes, device manufacturers will still need to push the updates out in order to safeguard their customers. Google’s major Android partners, which include phone-makers like LG, Lenovo LNVGY -5.15% , Motorola MSI -1.39% , Samsung SSNLF -3.23% , and Sony SNE -1.37% were not immediately available to comment. (Fortune will update this when we hear back.)

    An HTC HTC 0.00% spokesperson responded: “Google informed HTC of the issue and provided the necessary patches, which HTC began rolling into projects in early July. All projects going forward contain the required fix.”

    Drake praises the security firm Silent Circle, based in Geneva, Switz., which makes the Blackphone handset, for its quick response protecting users since it released PrivatOS version 1.1.7. He also praises Mozilla, maker of the Firefox web browser, for including fixes since version 38. “We applaud these vendors for prioritizing security and releasing patches for these issues quickly.”

    “This is Heartbleed for mobile,” said Chris Wysopal, chief tech and information security officer at the application security firm Veracode. These vulnerabilities “are exceedingly rare and pose a serious security issue for users since they can be impacted without having clicked on a link, opened a file or opened an SMS.”

    Drake plans to present his research at the Black Hat and Def Con security conferences in Las Vegas next month.

    So, um, can I have your number?

    http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/
     
  2. flonsta

    flonsta Well-Known Member

    Reputations:
    960
    Joined:
    Oct 22, 2012
    Messages:
    898
    Likes Received:
    2,022
    It'd be cool if Drake the rapper joined this other Drake guy to fight this scourge.
     
  3. Batwings

    Batwings Well-Known Member VIP

    Reputations:
    0
    Joined:
    Jan 20, 2012
    Messages:
    1,104
    Likes Received:
    824
    Isn't that loosely the plot to the "Kingsman"?
     
  4. RonHeinzkaboot

    RonHeinzkaboot Adultophile Gold

    Reputations:
    441
    Joined:
    Aug 14, 2013
    Messages:
    20,144
    Likes Received:
    18,764
    [​IMG]
     
    cwok likes this.
  5. Bryce

    Bryce 2017 Kimbra in Chief VIP

    Reputations:
    27,054
    Joined:
    Apr 15, 2014
    Messages:
    7,004
    Likes Received:
    18,301
    good thing im still on iphone 3gs

    :ublob:
     
  6. Limo Wreck

    Limo Wreck Aboard the great mothership Gold

    Reputations:
    448
    Joined:
    Dec 13, 2011
    Messages:
    8,917
    Likes Received:
    19,401
    When you name your operating system candy cane, lollipop or cotton candy, im gonna have a hard time taking it seriously.
     
    BrulesRules likes this.
  7. Calloused Shins

    Calloused Shins Well-Known Member

    Reputations:
    4,784
    Joined:
    Oct 17, 2014
    Messages:
    7,442
    Likes Received:
    12,537
    All they'll find on my "smart" phone is this place and 23 hour sports and porn coverage
     
  8. StRyDeRxX

    StRyDeRxX Bling Bling Gold

    Reputations:
    813
    Joined:
    Mar 4, 2012
    Messages:
    11,922
    Likes Received:
    13,306
    :eek:
     
  9. AllAboutHim Ed

    AllAboutHim Ed #mypurpose VIP

    Reputations:
    43
    Joined:
    Jan 1, 2014
    Messages:
    7,505
    Likes Received:
    11,470
    Oh the droidtards would be loving this if it were a problem for iPhones. I'm sure patching tens of millions of phones owned by your average low information android user will be very easy though.
     
    Bryce likes this.
  10. Droog

    Droog Well-Known Member VIP

    Reputations:
    3,502
    Joined:
    Jan 15, 2012
    Messages:
    16,111
    Likes Received:
    21,015
    No surprise. I'm not a fan of Android to begin with, but now that smartphone OS's are doing more and more, they're also becoming more like a regular PC. A billion people is worth spending time finding ways to hack in. With each version, phone operating systems become more bloated and more vulnerable.
     
  11. BrulesRules

    BrulesRules Just grab 'em in the biscuits VIP

    Reputations:
    31,956
    Joined:
    Jan 18, 2012
    Messages:
    142,607
    Likes Received:
    70,173
    I will not celebrate this news like my Android friends would an Apple hack. Just buy whatever phone you like and leave other people alone.
     
  12. Bryce

    Bryce 2017 Kimbra in Chief VIP

    Reputations:
    27,054
    Joined:
    Apr 15, 2014
    Messages:
    7,004
    Likes Received:
    18,301
    its "slower than dogshit" as we say in the pc repair world

    but it works :grad:
     
  13. Nick Manning

    Nick Manning Well-Known Member VIP

    Reputations:
    860
    Joined:
    Jan 17, 2012
    Messages:
    3,222
    Likes Received:
    4,829
    Good thing that The Wig is still on Lotus Notes!
     
    HorseFanNetwork, Batwings and dawg like this.
  14. WillyBest

    WillyBest Achiever Gold

    Reputations:
    32,223
    Joined:
    Feb 7, 2012
    Messages:
    26,015
    Likes Received:
    27,630
    They can't get me, I'm on SIM cards!
     
  15. HorseFanNetwork

    HorseFanNetwork Well-Known Member

    Reputations:
    450
    Joined:
    Jan 15, 2012
    Messages:
    2,286
    Likes Received:
    3,807
    luckily i have a dumb outdated phone that barely works.
     
    dawg likes this.