Brazil, O Globo / GDA
A new flaw in the operating system Android jeopardizes almost a billion smartphone worldwide, specialists warned security company Zimperium zLabs.
The vulnerability was discovered in the Stagefright component, which is present in all versions of the operating system from Frozen Yogurt 2.2 . According to researcher Joshua Drake, the hacker only needs the phone number to get unlimited access to the tablet or smartphone .
“We believe it is the worst vulnerability of Android so far “, experts in the company blog security. “These problems exposed Stagefright code 95% of devices Android , estimated at over 950 million dollars.
The Drake Research found vulnerabilities Multiple remote execution of code that can be scanned by various methods, and the worst of it is that it “does not require user interaction.”
Hackers only need the phone number, because with an MMS message can automatically play a media file that gives them full access to the entire apparatus. Therefore, it is possible that the attacks are silent, without the victim having to open a file or even view the message.
The Stagefright is a multimedia library that handles the most popular file formats. The problem is that the application has access privileges to the system. A damaged media file can easily undermine the entire device. The Attackers can gain access, in silence, all the information stored or exchanged by the victim.
“In some units, the Stagefright have access directly into the system, so it is Easy to get to the heart of the device, “Drake said.
Zimperium zLabs reported a Google on the vulnerability and provided possible solutions. The company acted quickly and the solution is already applied in internal code, but the problem is that updating all devices will take time.
As a fragmented operating system, each manufacturer has its upgrade policy.
blackphone users have received the update. Mozilla Firefox, which is also affected, and addresses the vulnerability.
No comments:
Post a Comment