#android vulnerabilities

Google’s Android platform consecutive encounter dangerous security flaws cause users to stand before the risk of hacker attacks.

Shortly after vulnerabilities in Stagefright code is detected, Android users recently faced with a new threat could make their smartphone become paperweight, fall prey to “vegetate” . The flaw was security researchers at Trend Micro discovered and could affect more than 50% of Android devices worldwide – where users from Android 4.3 to 5.1.1 are at risk of hacker attacks.

Specifically, according to the findings of the said security firm, such vulnerabilities are caused by service mediaserver that Android used to index (index) media files. Hackers could exploit the vulnerability by tricking a victim visiting a fake website that get them prepared. If attacked, the consequences to the user’s Android device will be completely inactive, unable to perform most of the functions including the calling and receiving calls.

In some cases, the user can restart the computer to the smartphone can work again. However, according to an article posted on the blog Trend Micro recently, these vulnerabilities can be used even in hazardous applications. If the standalone application is designed to automatically restart when the smartphone is switched on, the device of the user at risk of constantly fall into inactivity.

Researchers at Trend Micro Wish Wu said: This vulnerability lies in service mediaserver that Android used to index the media files stored on the device. This service can not handle correctly an inappropriate standard video file (hỏng) by Matroska file format (format injured with extension .mkv). When a non-conformance MKV file is opened, the service may crash the whole operating system makes crash also follow.

As mentioned, the vulnerabilities that Trend Micro detects affects machines running from Android 4.3 to 5.1.1 – meaning about half of Android users worldwide could be affected by the vulnerability mediaserver. Trend Micro said it had published his research for Google late last month 5/2015, however, the search company said it is not serious in Stagefright, and mediaserver only be placed on low priority only. Video demo mediaserver holes:

All Things to Know About Stagefright, dangerous vulnerabilities potentially offensive nearly 1 billion Android devices in just “one note”.

Recently, scientists have announced major flaw in the Android operating system called Stagefright. If you are using a device running Android, you can read the content below to know the level of danger of this vulnerability like. Stagefright is what?

“Stage fright” are feeling anxious when a speaker presentation prepared ahead of the crowd. However, Stagefright that we are referring to here is the flaw in the open source Google Android, has just been revealed on 27/7. It put 95% of Android devices – approximately 950 million – in danger. “Stagefright” is the name of your media library, part of the open source Android.

Illustration

Library stagefright any effect? Stagefright telephone help unwind multimedia messages, allow the device to understand the contents of MMS (multimedia content), containing video, image, audio, text, content contrary to SMS, containing only 160 characters. The error (bug) is the library Stagefright.

Stagefright not one single error To be exact, Stagefright vulnerability is a combination of 7 errors, denoted as follows: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015- 3827, CVE-2015-3828 and CVE-2015-3829.

Why should I care? If you are an Android user, your equipment is capable of danger. It’s how bad?

With Stagefright, hackers can attack the device just by simply sending malicious MMS messages. In fact, the victim does not need to open that message out, the purpose of the bad guys have been completed by as soon as receiving messages, their phones have been infected.

Once inside the entrance, the attacker could access the data, photos, camera, microphone on the device. What worse is he smart enough to delete the message in question before you realized your device attack.

Worse scenario he continued to steal contacts on your phone and then repeat the action offensive to those in the list. Thus, all your acquaintances are affected.

The flaw exists in how long? About 5 years. Google has patched yet? Google has patched immediately. The company said the first set of holes in April and another one in the month 5. discovered Stagefright, Joshua Drake, expert security firm Zimperium zLabs, said it has provided patches for Google and Google take into within 2 days.

So I was safe? No, because the problem is not solved. That is because the ecosystem-based Android hardware partners to release software updates. This is synonymous with Samsung, HTC, LG, Lenovo, Motorola, Sony … new is the person responsible for providing patches to customers. Currently, only CyanogenMod, Mozilla and Silent Circle do this. Without using any device of three firms mentioned, you must wait until the device manufacturers are taking official notice.

Is there a way to check for poisoning or not? If you are using Android 2.2 or higher, you may be in danger. These devices have the highest risk is from Jelly Bean onwards, representing approximately 11% market share Android.

According to Adrian Ludwig, chief engineer in charge of security Google, the company has introduced several powerful technology from Android Ice Cream Sandwich as Address Space Layout Randomization (ASLR). Technology makes the attacker difficult to predict the positions of code to exploit the flaw. To put it more understandable, ASLR is like putting the attacker in unfamiliar city without Google Maps or any knowledge about the city, landscapes or local language. What can I do to protect myself?

First, you can ask the manufacturer when the new patch. Then you should consider changing the settings on the Android app that uses MMS as Messaging and Hangouts. Uncheck in the “automatic receive MMS messages.” During this time, you should switch to other applications as snapchat, WhatsApp to send multimedia messages like photos, video. Another thing is not to expose the phone number out.

#Google announces #Android bug bounty program #technews24 #GoogleBugBounty

Google is extending its bug bounty program to hide vulnerabilities found on Android devices oversubscribed through its store.

The new Android Security Rewards program covers vulnerabilities found on current Nexus phones and tablets that are out there within the Google Store (formerly, the hardware section of Play Store). presently meaning the Nexus-6 and therefore the Nexus-9. The program…

Android malware is becoming more like Windows malware, “in other words, more dangerous to users,” Mathew J. Schwartz reports for InformationWeek. “One of the latest, a Trojan application called Odad.a… creates an attacker-accessible backdoor on infected…