Your Android could be hacked by a simple SMS... Stagefright

A discovery in the Android operating system by researchers at Zimperium zLabs could be the worst ever reported for Android devices. They have uncovered a flaw that leaves as many as 95% of Android devices—that’s 950 million gadgets—exposed to attack. The computer bug, nicknamed “Stagefright” after a vulnerable media library in the operating system’s open source code, may be one of the worst Android security holes discovered to date. It affects Android versions 2.2 and on (Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop iterations). Should a hacker learn someone’s cell phone number, all it takes is for that person to send a malware-laced Stagefright multimedia message to an affected phone in order to steal its data and photos or to hijack its microphone and camera, among other nefarious actions. Worse yet, a user might have no idea that his or her device has been compromised.

Joshua Drake, vice president of research and exploitation at the mobile security firm Zimperium zLabs, says an attacker can delete the message before a victim has any idea.

 

 Google told Fortune:

We thank Joshua Drake for his contributions. The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.

Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.

 

 

The problem stems from the way Android phones analyze incoming text messages. Even before you open a message, the phone automatically processes incoming media files -- including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it's received, according to Zimperium, a cybersecurity company that specializes in mobile devices.

If this sounds familiar, that's because this Android flaw is somewhat like the recent Apple text hack.

But in that case, a text message with just the right characters could freeze an iPhone or force it to restart. This Android flaw is worse, because a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera.

Typically, in these situations, companies are given a 90-day grace period to issue a fix. It's a rule even Google abides by when it finds flaws in others' software.

But it's been 109 days, and a fix still isn't largely available. That's why Zimperium is now going public with the news.

The issue now is how quickly Google will manage to fix this for everybody. While Apple can push out updates to all iPhones, Google can't.

Google is notorious for having a fractured distribution system. Several entities stand in between Google and its users, and they routinely slow down the release of new software. There are phone carriers -- like AT&T and Verizon -- and makers of physical devices -- like Samsung -- all of which need to work together to issue software updates.

Google told CNNMoney it already sent a fix to its "partners." However, it's unclear if any of them have started pushing that out to users themselves, if at all.

The researchers who found the flaws told NPR that they do not believe it is yet in use in the wild. Still, it is potentially the largest flaw ever uncovered in Android. The good news is that Google has a fix. The bad news is that Google can’t send it to most directly—it needs manufacturers and carriers to push the patch out to you. As of writing, it is unclear which devices are still at risk.

 

“All devices should be assumed to be vulnerable,” Drake told Forbes.

 

 

http://fortune.com/2015/07/27/stagefright-android-vulnerability-text/

http://money.cnn.com/2015/07/27/technology/android-text-hack/

http://www.wired.com/2015/07/hack-brief-android-text-attack/

http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/


Too long, didn't read, and especially not reading in that font. Might as well have put it in Chinese

 

 


Oh boy am I glad I don't give my number out.


Too long, didn't read, and especially not reading in that font. Might as well have put it in Chinese

TL;DR if you have an android phone, now's a good time to switch to iOS. And don't look back for at least a year or until android 6/7


TL;DR if you have an android phone, now's a good time to switch to iOS. And don't look back for at least a year or until android 6/7

That's what I did and all my friends


Not reading with such horrid formatting.


You know what's easier than buying and building a brand new PC? Petty larceny!
If you're worried about getting caught, here's a trick: Only steal one part at a time. Plenty of people will call the cops because somebody stole their computer -- nobody calls the cops because they're "pretty sure the dirty-bathrobe guy from next door jacked my heat sink."


That's what I did and all my friends

 

My next phone is going to be Windows Phone. With an android emulator to get the apps I need and use daily.


My next phone is going to be Windows Phone. With an android emulator to get the apps I need and use daily.

<3 Lumia 735

 

 


tl:dr android is already working on a fix

 

And I'm not gonna end up getting the fix on my current phone... damn htc evo 4g lte and its android 4.0 os...

 

Though when I get an xperia z3 then it will be all good lol.


Possible temporary fix:

 

 

What Zimperium doesn't mention is that Android already has an excellent way of blocking most Stagefright assaults: Block all text messages from unknown senders.

To do this with Android Kitkat, the most popular Android version, you open the Messenger app and tap on the menu at the top right corner of the screen (the three vertical dots) and then tap on Settings. Once there, select Block Unknown Senders, and you're done.

On Lollipop, where Hangouts is the default messaging app, there's no default way to block unknown senders. You can, however, under Settings go to Multimedia messages and turn off Auto Retrieve for multimedia messages.

 

http://www.zdnet.com/article/stagefright-just-how-scary-is-it-for-android-users/


Looks like I gotta go back to my IBM Simon...


First iOS, now Android (and this could be even worse...)
I'm not sure if my carrier allows me to accept multimedia messages (since I can't seem to send them) so that might keep me safe.

Motorola still hasn't OTA'd 5.1 (at least to XT1064).

Somehow my APN settings were lost (Though my Moto G's frame and display is bust)


First iOS, now Android (and this could be even worse...)

I'm not sure if my carrier allows me to accept multimedia messages (since I can't seem to send them) so that might keep me safe.

Motorola still hasn't OTA'd 5.1 (at least to XT1064).

Somehow my APN settings were lost (Though my Moto G's frame and display is bust)

Motorola is being smart right now.

 

They understand what is wrong with Android, therefore, they are withholding 5.0 on their flagships. They want to push out one big update instead of tiny Day-0 updates.

This topic is now closed to further replies.
