Major Flaw In Android Phones Gives Hackers Complete Control With Just A Text
A Major flaw reported by Joshua Drake in Android Phones back in April of 2015 gives hackers Complete Control With Just A Text. Sadly a few service carriers such as T-Mobile and Verizon have failed to respond with confirmations that their modified versions of the Android OS has been patched. Aarti-Shahani, a journalist with All Tech Considered reach out to leading phone makers and wireless service providers to confirm whether they have applied the patch already released to them by Google and T-Mobile and Verizon have still not confirmed.
T-Mobile Response on July 28th: “These kinds of security fixes are usually released by our third-party device partners, so we’re working with them to ensure those security updates have been deployed.” Also, the company says, “You may wish to contact the device manufacturers directly, as they can tell you more about their specific plans for these security update releases.”
Still no confirmation from any carrier we contacted.
Once the attackers get in, Drake says, they’d be able do anything, copy data, delete it, take over your microphone and camera to monitor your every word and move. “It’s really up to their imagination what they do once they get in,” he says.
Just days after a critical Stagefright vulnerability was revealed in the widely popular mobile platform, another new vulnerability threatens to make most Android devices unresponsive and practically unusable to essential tasks.
Security researchers at Trend Micro have developed an attack technique exploiting this flaw that could ultimately crash more than 55 percent of Android phones, almost making them completely unresponsive and useless to perform very basic functions, including to make or receive calls.
The dangerous security flaw affects any device running Android 4.3 Jelly Bean and later, including the latest Android 5.1.1 Lollipop, potentially putting hundreds of millions of Android users vulnerable to hackers.
The flaw surfaced two days after Zimperium researchers warned that nearly 950 Million Android phones can be hijacked by sending a simple text message. Dubbed Stagefright, the vulnerability is more serious because it required no end-user interaction at all to be exploited.
How to Exploit the Flaw?
A hacker can exploit the vulnerability in these ways:
- Through a Malicious Android App
- Â Through a Specially-Crafted Web Site
- Â Send a text with a video file attached
Root Cause of the Vulnerability:
The vulnerability actually resides in the mediaserver service used by Android to index media files located on the Android phone.
Researchers have also developed a proof-of-concept (PoC) malicious app that exploits the flaw. You can watch the given video that shows the exploit in work.
Most easy way to exploit the flaw is to lure a vulnerable Android phone to a booby-trapped website. Presumably, in this case, the phone can be revived by just restarting it.
However, the vulnerability if exploited by a malicious app can cause a long-term impact on the phone, according to a blog post published Wednesday by a researcher from security firm Trend Micro.
The malicious app can be designed in such a way that every time the phone is turned on, the app automatically start, causing the operating system to crash shortly after each restart.
This makes the device unresponsive, mute and useless, meaning no ringtone, message tone, or notification sounds will be heard. Neither the user can even receive or make calls.
Atlanta IT Service has been working on and testing a fix for this since none of the carriers have confirmed if they have in fact released the update provided to them back in May of 2015.
Temporary Work Around: We have found a few simple changes that you can make to your device to help stop this attack from compromising your device.
https://atlantaitservice.com/techtips/android-text-video-virus-fix-stagefright-hack
