It was this week revealed that a vulnerability at the heart of the Android operating system has the potential to leave 95% of such devices open to hacking by outside influences. A weakness in the coding of the media library known as ‘Stagefright’ which processes several media formats on Android devices is what could leave up to an estimated 950 million devices at risk, according to Joshua J Drake who discovered the vulnerability.
Drake is the Vice President of Platform Research and Exploitation at Zimperium zLabs and according to his investigation the vulnerability means that attackers would only need your mobile number to remotely execute code. That would give them access to many different areas of your phone, including photos and messages and means that they could Trojan the device.
According to Drake, this represents one of the ‘worst Android vulnerabilities to date’ due not only to the multitude of devices which it could impact but also due to the nature of the weakness. The vulnerability discovered can, according to Drake and other experts, be exploited by a virus embedded in a video file sent via MMS to your device.
What this means is that the issue is particularly worrying as it does not require you to do anything to open your device to attack. Or as Drake himself explains; ‘these vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited…this vulnerability can be triggered while you sleep.’ What’s more, it is believed that if the vulnerability is exploited the embedded virus can delete the message by which it was delivered meaning that the device’s owner may be left unawares that their device has been hacked.
As worrying as news of this potentially dangerous vulnerability undoubtedly is, there is some good news however in that it is not believed that anyone is yet exploiting the problem. What’s more, the weakness was reported to Google by Drake and Zimperium zLabs back in April and the company acted swiftly between then and this week’s announcement to try to combat the issue.
A Google statement on the subject claimed ‘the security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.’ It is believed however, that many manufacturers are yet to reissue these patches to users, meaning that a huge swathe of devices could potentially still remain at risk.
Coming hot on the heels of news of a massive recall of 1.4 million cars by Fiat Chrysler after their internet-connected entertainment system proved to be vulnerable to hackers, this story further demonstrates the ever precarious world of cyber-security.
It goes to show after all, that these kinds of issues can suddenly arise from seemingly nowhere to threaten a variety of IT systems and devices and as such could prove really damaging to businesses that rely on such devices. That only goes to further solidify the importance therefore, of reliable and experienced IT support that can help you to ensure the security and efficiency of your IT systems.
