Page 8 - index
P. 8
RESEARCH, ANALYSIS & TRENDS
Stagefright steals information remotely
from Android devices
Stagefright, a vulnerability that allows attackers to steal highly targeted attacks is the victim's phone number. In
information from Android devices, was discovered just a some instances, devices can be compromised, even
couple of weeks ago. This flaw allows attackers to steal when users do not play or watch the actual message
information from Android devices through remotely exe- content. Simply viewing the MMS can affect the device.
cuted code via a maliciously crafted multimedia mes- With Google Hangouts, however, it is possible for de-
saging service message (MMS). vices to be compromised almost instantly.”
With 950 million users of Android devices potentially ESET launched an app on Google Play to help Android
affected and a failed attempt by Google to fix the issue, users detect Stagefright on their devices. The expert
users should take Stagefright more seriously than other recommends for users to further check with their ven-
commonplace vulnerabilities, ESET, a global pioneer in dors whether a patch for their Android device already
proactive protection, recommends. According to investi- exists and to deactivate the short message service
gations, all versions of Android from Froyo (2.2) inclu- (SMS) auto retrieve function for Messenger and
sive are vulnerable and versions prior to Jelly Bean are Hangout applications for now.
at higher risk, since they do not incorporate the appro-
priate mitigations. "Asia Pacific has one of the highest Android mobile
user concentration in the world, making the region a
The company explains: “Amongst the thousands of lines prime target for cyber hackers. Mobile users should
in the source code of Android, there is a media library always remember to follow cyber security best practic-
called Stagefright in charge of managing multimedia es, such as avoiding clicking on messages or links from
formats that allow users to playback videos and music suspicious sources and updating their operating system
on their Android devices. Attackers exploit Stagefright software regularly," said Parvinder Walia , Sales Direc-
by designing malicious MMS messages that are sent to tor at ESET Asia Pacific . "We hope that more consum-
victims. In these cases, the only information required for ers will download the app as a proactive measure to
secure their devices." ◊
8 Asian eMarketing August 2015: Security
8
