Heartbleed-Level Vulnerability Found In 950 Million Android Devices, Thanks To DRM

[sanahtlig]

The new vulnerability is being referred to as Stagefright.

 

A serious vulnerability discovered by the researchers at Zimperium, a security company, allows attackers to infect the vast majority of existing Android users (over 950 million) through a simple MMS message without any action from the user.

 

The Zimperium researchers discovered multiple vulnerabilities in the Stagefright media library in Android, which is written in C++, allowing for easy exploitation, and has almost root-level privileges and Internet access. The researchers believe that these excessive permissions in the library are due to it supporting some types of digital rights management (DRM) processing or streaming playback. However, they ultimately make the devices highly vulnerable to silent exploitation in the background.

[Eclipsed]

"Versions that are older than Android 4.2 are in even greater danger, because they lacked exploit mitigations that were added to newer versions of Android, as well as a way to disable automatically receiving an MMS"

 

FUHHHHHH

[Nosebleed]

I've lived without a cellphone for the past 6 years, no phone no safety issues. Teeku

Apple had a similar vulnerability that would make phones crash. Nothing is hack proof.

[firecat]

well time to buy a new phone with android 4.2 for $100 in 3 years! 

[Abyssal Monkey]

In other words, for 50% of users the only solution to this issue is to hack the phone and install 3rd party custom ROMs, or buy a new phone.

 

This issue exposes serious flaws in the Android ecosystem that I'm hesitant to ever buy an Android device.  2 years of support (compared to 13 years for Windows XP) just doesn't cut it when your security is on the line.  While I hate Apple, if this happened to Apple iOS the patch would've been live before the news even broke.

[sanahtlig]

As always, I laugh at people who put personal information in insecure places.  Someone could hack my phone for all I care, and they would find nothing.  

[Abyssal Monkey]

I hope you don't carry around your phone with you then, because this hack can allow hackers to turn your phone into a spycam + listening device.  And depending on your app environment, it could be installed without user intervention.  Do you keep your phone in a sound-proof container at all times?

[havoc]

not especially worried.

 

As i am a sucker for PC instead of smartphones.

 

As i see it for my case, even if they do hack my phone nothing serious will be lost.

 

Because i use a different email adress for my phone than the usual one to wich i recieve important mails.

[Darklord Rooke]

Heh, times like this make me glad I don't have a smartphone :3

[Yuuko]

Happy that I have a Windows phone lol

[Scorp]

I even do not have MMS center setted up (also see no use of it, everyone who want to send me a photo could do it using Skype or Viber or WhatsApp or whatever). No MMS - no problem.

I hope you don't carry around your phone with you then, because this hack can allow hackers to turn your phone into a spycam + listening device. And depending on your app environment, it could be installed without user intervention. Do you keep your phone in a sound-proof container at all times?

How they will do it without me knowing it? They have to switch off my firewall first.

[Deep Blue]

I'm glad to have my nokia e71 now