Slashdot Mirror

← Back to Stories (view on slashdot.org)

950 Million Android Phones Can Be Hijacked By Malicious Text Messages

Posted by samzenpus on from the protect-ya-neck dept.

techtech writes: According to security firm Zimperium a flaw called "Stagefright" in Google's Android operating system can allow hackers take over a phone with a message even if the user doesn't open it. The vulnerability affects about 950 million Android devices. In a blog post Zimperium researchers wrote: "A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual—with a trojaned phone."

4 of 120 comments (clear)

  1. ..all versions of Android after and including 2.2 by OutOnARock · · Score: 5, Insightful

    95% of them will never be patched........thanks for all the fragmentation.....

  2. Re:..all versions of Android after and including 2 by Anonymous Coward · · Score: 2, Insightful

    You can blame the carriers for much of that fragmentation.

    Finger pointing.

    The time-worn bullshit excuse that obviously never gets old.

    If at first you don't succeed, fucking blame someone else.

  3. Re:..all versions of Android after and including 2 by ZorinLynx · · Score: 5, Insightful

    It's the phone makers' faults. Sorry, but that's just the way it is.

    Apple has shown that it's possible for the device manufacturer to deploy new software directly. Yet in the Android world, it's still the carriers doing it. There's only a few phones where the manufacturer pushes new updates (and even those don't tend to be supported as long as iPhones do)

    The Android world needs to wake the hell up and start supporting its users properly. It's ridiculous that this sort of situation can happen; if a similar exploit appeared for iOS, Apple would patch devices in 10 seconds flat.

  4. Rooting is under-rated by emil · · Score: 3, Insightful

    When the critical Samsung keyboard exploit hit the news, I was able to do this (and you were not):

    mount -o remount,rw /system
    cd /system/app
    mv SamsungIME.apk SamsungIME.banished
    scp cyanogen:/tmp/LatinIME.apk .
    cd
    mount -o remount,ro /system
    reboot

    I have no intention of relinquishing my ability to repair this vendor-inflicted brain damage because of your foolish misconceptions.