950 million Android users at risk as researcher uncovers massive security flaw

July 27th, 2015 at 11:35 AM

A security researcher has recently uncovered a worrisome new Android exploit which allows hackers to compromise a device simply by sending either an MMS message or a multimedia file. Once a device has been targeted and infected, hackers can access a user’s microphone, camera, external storage, and in some cases (depending on the device in question), even gain root access.

Initially discovered by Joshua Drake from the security firm Zimperium, the exploit takes advantage of a number of vulnerabilities found within the software framework Android uses to “process, play and record multimedia files.”

What makes the exploit truly dangerous is that it can seemingly be triggered without any proactive action on the part of the user. Because the software framework in question is used for processing all types of media content, handsets can even be infected upon landing on a webpage with embedded video content.

“I’ve done a lot of testing on an Ice Cream Sandwich Galaxy Nexus… where the default MMS is the messaging application Messenger,” Drake said in an interview with Forbes. “That one does not trigger automatically but if you look at the MMS, it triggers, you don’t have to try to play the media or anything, you just have to look at it.”

PC World adds:

The library is not used just for media playback, but also to automatically generate thumbnails or to extract metadata from video and audio files such as length, height, width, frame rate, channels and other similar information.

This means that users don’t necessarily have to execute malicious multimedia files in order for the vulnerabilities found by Drake to be exploited. The mere copying of such files on the file system is enough.

Now as for how this may affect users in the real world, well, there’s good news and bad news.

The good news is that Drake, to his great credit, not only unearthed the exploit but developed a patch for it. What’s more, Drake shared his research and patch with Google this past April, whereupon the search giant immediately applied the fix to its “internal Android code base.”

The bad news, though, is that because it typically takes a while (read: months) for new Android updates to be pushed down to the varying and seemingly endless number of Android handsets, it’s believed that 95% of Android devices out in the wild are still at risk. What’s more, Android handset makers who aren’t official Google partners don’t even have access to the patched codebase at all.

Translation? Drake believes that as many as 950 million Android handsets currently in use remain vulnerable to such an attack.

Even more worrisome is that the exploit in question affects all Android devices running version 2.2 and above. The thing is, many handsets running older versions of Android stopped being eligible for software updates years ago. Put differently, if you’re still using an Android device you picked up about two or more years ago, you’re effectively out of luck.

Drake plans to disclose more information about his exploit next month at the Def Con security conference in Las Vegas.

A lifelong Mac user and Apple enthusiast, Yoni Heisler has been writing about Apple and the tech industry at large for over 6 years. His writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and most recently, TUAW. When not writing about and analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions, the most recent examples being The Walking Dead and Broad City.
