A cyber security research firm recently revealed that the overwhelming majority of Android devices can be hacked into with a single text. Zimperium zLabs, the research firm, found that all a hacker needs is a phone number to compromise an Android device. The bug has been named Stagefright, after the media library in the Android operating system that processes several popular media formats.
Cyber criminals can use a victim’s phone number to remotely execute code via a multimedia text message. The hacker sends a video to the victim in a text laced with the malware code. When the exploit code is opened in Google Hangouts, a built-in Android phone app, the malware triggers before the victim even gets the notification that they have a text message. The default text messaging app on many Android phones is Messenger, which does not cause the malware to trigger automatically. However, if the victim looks at the text message, the malware triggers. Victims don’t even have to open or download the video to activate the malware. Experienced hackers can delete the texts that contain the malware before the victim even knows that their device has been compromised. Stagefright gives hackers access to data, and allows them to copy or delete it. Stagefright also lets hackers access the victim’s camera and microphone, so victims could be recorded without their knowledge. The malware gives hackers access to photo galleries, and affects Bluetooth and the data on SD cards. Alarmingly, hackers can chain more exploits to Stagefright and gain more access to the device through escalated privileges.
This bug is suspected to be the worst Android vulnerability to date, since victims don’t have to do anything to trigger it. Stagefright also affects millions of devices, since Android is the most popular OS for mobile phones worldwide. About 80% of smartphones run on Android, and this bug could leave 950 million devices vulnerable. The bug affects Android devices running Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop. The 11% of devices running Android versions before Jelly Bean are especially vulnerable due to inadequate exploit mitigations.
Zimperium first discovered the bug in April and reported it to Google. Google sent out patches to Android device manufacturers to fix the bug, but despite this many devices still remain vulnerable. Manufacturers are slow to push out patch updates, so millions of devices could be compromised by Stagefright. This bug demonstrates the importance of continuous security monitoring, since millions of devices can be affected by a bug so easily. Depending on the texting app the victims use, they might not even see that their device has been compromised.
EiQ’s SOCVue portal gives companies continuous security visibility, so companies can immediately know when a device isn’t secure. The EiQ SOC Team provides 24x7 monitoring of company IT infrastructure. When a security incident is detected, the SOCVue team will provide timely notifications, and include further information on the recommended actions to take. With EiQ’s continuous security monitoring, companies won’t have to worry about threats going undetected.