1 Billion Android Devices Vulnerable

Android users beware.  Hackers could easily gain access to your company’s online banking, trust and escrow accounts through a simple hack to your Android smartphone. A bug in the Android OS exposes 95% of all Android devices — a whopping 1 BILLION devices worldwide. It’s located in the ’Stagefright’ layer of the Android OS.

Stagefright is a media library that processes several popular media formats. Since media processing is often time-sensitive, the library is implemented in native code (C++) which is more prone to memory corruption than memory-safe languages like Java. Specifically, the bug revolves around how Stagefright processes rich media in an SMS. Basically, it processes all rich media sent in SMS prior to making any security assessment.

Here’s more on how it works from imperium.com…

“Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.”

This has immediate implications if you manage any kind of online banking activities, for both business or personal finance. Protect yourself by NEVER doing any online banking through your smart phone, especially if it’s an Android device.

You can avoid this and be safe by doing 2 things:
1. Never using your Android device to bank online.
2. Manage your transactions in a secure PC environment (BankVault is the safest.) Do that an you will be safe.

If you *have* used your Android device to bank, we recommend wiping that device and doing a clean install of the OS and your apps.

Here’s what TechCrunch is saying about it…

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email