Black Hat 2015: Researchers discovered a vulnerability σε συσκευές Android που επιτρέπει σε hackers να έχουν access to a remote device without its owner ever knowing. The flaw affects about 95% of Android devices running OS versions 2.2 through 5.1, according to security firm Zimperium.
The error is due to a multimedia library (used to edit media files) called Stagefright.
Zimperium reports that too many vulnerabilities have been found in this framework. The company plans to present its research at the Black Hat 2015 conference to be held in August.
Using a person's phone number, hackers can send a multimedia file via MMS that allows them to sign in to a device. The really worrying fact is that the owner of the device will never learn it.
Hackers could theoretically send through the file trojan while the owner of the device is sleeping, and gain access to his phone. They can then delete any evidence that the phone was compromised.
Once the exploit is completed, the hacker can remotely use a phone's microphone, steal files, read emails, and smash all personal credentials.
“Αυτά τα τρωτά σημεία είναι εξαιρετικά επικίνδυνα, επειδή δεν απαιτούν από το θύμα να προβεί σε οποιαδήποτε energy για να αξιοποιηθούν. Σε αντίθεση με το spear-phishing, όπου το θύμα θα πρέπει να ανοίξει ένα αρχείο PDF ή μια connection sent by the attacker, this vulnerability can be triggered while the victim is sleeping. Before waking up, the attacker will remove all signs that the device has been compromised and continue to access the trojaned phone," Zimperium CTO Zuk Avraham says.
Of course, after that, Google should immediately update all versions of Android, which is very difficult.