Moscow. On 30 July. INTERFAX.RU – Experts of the American company Zimperium discovered a vulnerability in the operating system Android, which allows hackers to easily gain access to about a billion smart phones using this OS, reports Deutsche Welle.
To infect a smartphone hackers need to know the phone number of the owner. This number is through messenger Hangouts or MMS multimedia message is sent a video clip containing malicious code. In Zimperium claim that is not necessarily the owner of the phone even open a message – then infected smartphone happens automatically.
The source of vulnerability is the basic tool of the Android system to play multimedia files called Stagefright, he said in an interview with Forbes specialist company Zimperium Joshua Drake.
The problem – in the basic principle Stagefright, automatically loads attached to incoming messages videos. From the actions of the user there is already little depends. Moreover, the malware got into the smartphone can then delete all incoming message from the “Inbox”.
Through got phone code of the attacker can gain control over those parts of the system, which has access Stagefright: store audio and video, pictures, a wireless Bluetooth connection to the phone. Chance of and access to other units of the smartphone, including a camera and a microphone.
How to tell the experts Zimperium, vulnerability, they opened in April of this year and immediately informed the manufacturer of Android, to Google. The Google reacted quickly: the company immediately sent out protection against malicious virus maker of smartphones on Android.
The spread of “patches” to the operating system or newer versions for specific brands of smartphones – quite a long process, and monitoring of Forbes yet “no smartphone manufacturers in the Android system update is not distributed to the underlying vulnerability.” This means that out of danger right now there are only very old devices with system version lower than 2.2.
In Google urged not to dramatize the event and noted that in April, known cases of infection through the vulnerability was not, but the way things are today, – is unknown.
Android smartphone owners to recommended settings SMS-application to disable automatic downloading of MMS-messages and, if possible, not to use the messenger Hangouts. Detailed information on the fight against vulnerability is expected in early August on a dedicated developer conference in Las Vegas.
According to IDC, more than 80% of smartphones worldwide run on OS Android.