contained in the multimedia engine Stagefright vulnerabilities pose a potential threat to most smartphones on Android. This was to find a breach of information security professionals from the team reported Zimperium publication Forbes.
According to the report Zimperium, were found seven vulnerabilities that allow remote hack up to 95 percent of the phones Android. To do this, attackers need to know the telephone number of the victim and to send him a picture message (MMS). As stated by the experts, the success does not require the user to read the message and the attached file is launched – enough to MMS was made smartphone.
Victor Chebyshev, head of research of mobile threats “Kaspersky Lab”, confirmed “Feed .Ru “the danger of such holes in the OS ‘potential vulnerabilities allow execution of arbitrary code on the device from a privileged application or service (in this case Stagefright), very dangerous. This is especially true of the operating system Android, because it is physically impossible to fix promptly inform all affected devices. ” He added that in principle there is no guarantee of creating smartphone manufacturers fixes.
At the same time the effects of the operation of such vulnerabilities only depend on the intentions of virus writers, Chebyshev added: “It may just steal the information you need, and can take root in the device to for a long time to collect personal data and perform various actions. For example, to send SMS to premium numbers ».
According to experts Zimperium, on some old crackers smartphones will have full access with administrative rights. In other cases, the vulnerability could allow them access to the microphone and camera, allowing you to monitor the victim.
The team sent to Google the necessary patches to fix bugs. They were sent in April and early May 2015. The Google patches installed in the current version of Android, which is then sent out to companies manufacturing devices. But as manufacturers slowly release a firmware update, 95 percent of smartphones remain vulnerable to attacks. However, the necessary updates have been installed in the Google Nexus smartphone and 6 Blackphone company Silent Circle. It is also not subject to attack devices using older versions of Android (up to 2.2).
In addition, the vulnerability of affected browser Mozilla Firefox (versions for Android, Windows and Mac), and the operating system Firefox OS, because they used a version Stagefright. The patch is added to them in the May update.
The experts promised to elaborate on the gaps found in the Black Hat Security Conference on August 5.