Tell Your Friends: How to Protect Yourself from Android's Biggest Security Flaw in Years
Researchers at the cyber security firm Zimperium have recently uncovered a vulnerability in roughly 95% of Android devices that has the potential to allow hackers to take total control over your phone with a simple picture message (MMS). The gritty details of this exploit have not been made public yet, but hackers now know the general framework for this type of attack, so you can be certain that they'll hammer out the details in no time.To be clear, Zimperium is a security firm, so their main goal in discovering this vulnerability was to gain a little notoriety while helping Android manufacturers and developers plug up a potentially disastrous security risk. Nonetheless, the general basis for the attack is now public knowledge, so hackers with malicious intents need only to reverse-engineer some of the finer aspects of this exploit before they can actually start putting it to use.
How It WorksThe premise is relatively simple—an attacker only needs your phone number to take total control of your Android device by sending an MMS with the malicious code embedded in it. This means that, theoretically, a hacker could send you an MMS message while you were asleep, take control over your phone, then remove all traces of the attack while you remained none the wiser.Once the trojan file has been sent over MMS, the attacker can read your messages, retrieve your login credentials for various sites and services, operate your device's microphone, and access almost any file stored on your phone. To put it simply, a hacker could potentially gain access to all of the sensitive data stored on your smartphone by sending you a simple picture message. Android devices can be hacked with a single MMS message.
What Devices Are Affected?This particular attack exploits a security loophole in Android's media library (Stagefright) to gain escalating permissions. Since Stagefright has been the default media library in Android devices for the past 5 years, this exploit has the potential to compromise almost any phone running Android 2.2 (Froyo) through Android 5.1.1 (Lollipop).
When Is a Fix Coming?Google has already added a fix for the Stagefright exploit to Android's code base, but this certainly doesn't mean that we're in the clear.Consider the way Android updates usually work: First, Google adds new code to AOSP (which they've already done in this case). Then, Google pushes this updated version out to manufacturers like Samsung or HTC. The manufacturers then spend months adding their own custom tweaks to the firmware before sending it out to the cellular carriers. The carriers then spend another few months adding their own bloat to the firmware, and ultimately, the security fix is sent out to end users about 6 months after it was originally made.It certainly won't take hackers a full 6 months to replicate this exploit, so in the meantime, we'll need to take matters into our own hands.
Disable MMS Auto-Retrieve to Prevent AttacksSince the exploit works by sending an MMS that is automatically downloaded by your phone, the only way to prevent this attack is to set your phone to not automatically download MMS messages. The drawback here is that you'll have to tap future MMS messages to download them manually, but it's a small price to pay for security.The process will vary depending on your text messaging app, but I'll outline it for some of the most popular messaging apps below.Samsung Messages App:If you're using the default Messages app on a Samsung device, start by heading to the Settings entry in app's main menu. From here, select "More settings," then "Multimedia messages." Finally, disable the "Auto retrieve" option to ensure that potentially dangerous MMS messages are not automatically downloaded. Google Messenger App:With the Google Messenger app, start by tapping the three-dot menu button in the app's top-right corner, then select the Settings entry. From here, choose Advanced, then make sure the "Auto-retrieve" option is disabled on the next screen. Hangouts App:To disable MMS auto-retrieve in the Hangouts messaging app, head to the side navigation menu and select Settings. Next, choose the SMS entry, then scroll down a bit, and make sure that the "Auto retrieve MMS" option is disabled. From now on, your phone will no longer download MMS messages automatically, meaning the exploit can't be triggered on your phone without your knowledge. But you should still be very careful about opening MMS messages, and in general, do not open an MMS message that came from a phone number you don't recognize.Personally, I think this exploit shines a light on Android's convoluted update process, because without the manufacturers and carriers meddling around with our phones' firmware, we could already have a fix for this issue sent directly from Google. What are your main concerns with the Stagefright exploit? Let us know in the comment section below, or drop us a line on Android Hacks' Facebook or Twitter, or Gadget Hacks' Facebook, Google+, or Twitter.
To Break a Phone Addiction, Turn Your Screen Gray Apr 28, The Atlantic Selects What Does It Mean to Support 'Free College'?
These 4 Apps Can Help Cure Your Smartphone Addiction
How To: Add Floating Live Animations to Any Custom Wallpaper on a Galaxy Note 3 How To: Make Any App Work in Split-Screen on Your Galaxy Note 9 How To: Get the Note 4's Weather Widgets on Your Galaxy S5 How To: Watch Videos While You Work with This Floating Translucent Window for Mac
Custom Live Wallpaper Creator - WallpaperSafari
Prior to this year's WWDC, there were lots of rumors that Apple might finally be making a version of iMessage for Android. While that never came to fruition, a few big updates to a very useful app have now ensured that we can seamlessly send and receive Android texts in Apple Messages on our Macs.
How to Draw & Send Messages to Your Friend's Lock - Nexus
May 16, 2017 · Face filters for adults too "There's a lot of exciting work being done around augmented reality," an Instagram spokesperson said when asked about the app copying Snapchat's face filters.
Interview with Dvoshansky - The Creator of Flying Face
A broken power button can seem like the endgame for your Android phone. But it doesn't have to be. There are many workarounds that will allow you to keep using your device. Unfortunately, there is no sure-fire way of restarting all Android devices that have a broken power button.
Five Ways to Restart Android Phone without Power Button
So, if you want to know everything that is coming to your iPhone and iPad with iOS 12, here is our list of 15 new iOS 12 features that you should know: Best iOS 12 Features for iPhones and iPads Note : The list is based on the Developer Beta 1 of iOS 12 running on iPhone X.
The 68 Coolest New iOS 10 Features You Didn't Know About
News: Gear 360 VR Camera Set to Accompany Galaxy S7; Announcement Date Set How To: Add Slo-Mo & Time-Lapse Effects to a Single Video on Your iPhone How To: Build a Weatherproof Camera Enclosure for Long Term Time-Lapses How To: Do the basic moves of Afro-Brazilian dance, Capoeira
How to Secure Photos, Videos, & More on Your Galaxy S6 Using
Production company: CR8TIVE ROW Exec Producers: Daps & Sara Lacombe Director: Daps Producers: Sara Lacombe, Vanda Lee, Amy Thomson
Play Secret Snake Game inside YouTube video - How to
Hacke dein Nexus 7 in ein Hybrid-Android-Tablet, das wie iOS & TouchWiz aussieht und sich anfühlt Gefällt dir Samsungs TouchWiz und die Benutzeroberfläche des iPhones, möchten Sie jedoch das Beste aus beiden Welten auf Ihrem Gerät zusammenbringen?
Hot Android How-Tos — Page 59 of 66 « Android :: Gadget Hacks
Use a Firewall to Keep Data-Hungry Apps in Check - Android
There are ways to keep your iPhone from making a sound when you have an incoming call. Whether you do it by using the hardware mute switch or software settings, the iPhone gives you ways to turn off or modify the ringer.
How to download apps and games from the App Store. Best new movies and TV Shows on iTunes. Need more help with your new iPhone? There's a lot to uncover with your new iPhone. Half the fun is finding it on your own. The other half is getting help from someone that knows the tips, tricks, and hidden secrets of the iPhone.
How to get a refund for iTunes or App Store purchases | iMore
0 comments:
Post a Comment