Black Hat 2015: Researchers have discovered a vulnerability in Android devices that allows hackers to access a device remotely without its owner ever knowing. The flaw affects approximately 95% of Android devices running operating system versions from 2.2 to 5.1, according to security firm Zimperium.
The flaw lies in a media library (used for processing multimedia files) called Stagefright.
Zimperium reports that a large number of vulnerabilities have been found in this framework. The company plans to present its research at the Black Hat 2015 conference to be held in August.
Using a person's phone number, hackers can send a multimedia file via MMS that allows them to get into a device. The really worrying thing is that the owner of the device will never know.
Hackers could theoretically send the trojaned file while the owner of the device is asleep and gain access to the phone. They can then delete any evidence that the phone has been compromised.
After the exploit, the hacker can remotely use a phone's microphone, steal files, read e-mail messages, and intercept all personal credentials.
“These vulnerabilities are extremely dangerous because they do not require the victim to perform any action to be exploited. Unlike spear-phishing, where the victim would have to open a PDF file or a link sent by the attacker, this vulnerability can be activated while the victim is asleep. Before waking up, the attacker will remove all signs that the device has been compromised and continue to access the trojaned phone,” Zimperium CTO Zuk Avraham says.
Of course, in response, Google should immediately update all versions of Android, which is very difficult.