How Frightened Should Android Developers Be Of Stagefright
Wednesday, July 29, 2015
Richard Harris |
Stagefright is a new Android vulnerability which was found and announced by Joshua J. Drake, Zimperium zLabs Vice President of Platform Research and Exploitation. Specifically the company says Stagefright is: “…what we believe to be the worst Android vulnerabilities discovered to date.”
Here is a rundown according to Zimperium, “These issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices. Drake’s research, to be presented at Black Hat USA on August 5 and DEF CON 23 on August 7, found multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction.”
The company advises Android users that: “Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a Trojaned phone.”
As an Android developer, there is not much that can be done as this is an OS issue. Google is issuing a patch for the vulnerability and like many similar situations, the public’s furor will die down and the situation will soon be a brief memory.
One opportunity the news does present is for application security companies like Zimperium, who undoubtedly will see a rash of inquiries from companies looking for enhanced security options. Checkmarx jumped on the bandwagon issuing its advisory on the threat as has AdaptiveMobile.
It’s certainly been an interesting past few days as the IoT has taken a major hit with the last week’s crazy Jeep hack report by Wired Magazine and now Android takes a hit with Stagefright. The public’s appetite for new technology and connectivity has so far been insatiable, however I wonder if we may soon reach a tipping point and see a consumer backlash – or it could be that the hits are coming so hot and heavy that people have just become desensitized.
Read more: http://blog.zimperium.com/experts-found-a-unicorn-...
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here