Friday 2 October 2015

How a song threatens a billion Android devices


Over a billion Android devices could be at risk of being hacked by listening to an audio file or watching videos.

A new bug has been discovered in Google's mobile operating system which allows attackers to inject malicious code into a device and potentially steal information when a person accesses a specifically crafted MP3 or MP4 file.

The vulnerability called "Stagefright 2.0" was discovered by a team of researchers at Zimperium, a mobile security firm, and is said to affect "almost every Android device" since the first version in 2008.


Attendees visit the Android booth during a Google I/O developers conference in San Francisco.


There are several ways a user could be targeted. Firstly, a hacker could try to convince a user to visit a malicious webpage and preview a music or video file. This would give the attacker an opportunity to hack a user.

A criminal could also intercept unencrypted traffic between a device and another server – also known as a man-in-the-middle attack – in order to inject the malicious code into the files being transferred.

"The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue," Zimperium wrote in a blog post on Thursday.

Source : cnbc.com
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)