Do you remember the gap in the library Stagefright? Yes, the same one that jeopardized virtually all Android devices on the market. It turns out that there are more similar holes.
He publicly announced that Joshua Drake, one of the vice presidents Zimperium. According to him Stagefright there are two gaps. One of them is present in the outfits of Lollipop Android 5.0 and above, and the second on virtually all commercially available outfits. Of course, they have not yet patched.
Google has provided to its partners the appropriate amendments on Sept. 10 and will be installed during the next update SAFETY ADVICE, which is to take place on October 5. Amendment will also include the Android Open Source Project, which is an open version of the Anroid.
The risks carried by new vulnerabilities are as serious as last time.
The person who successfully exploited these holes can very easily way to take control of the affected device. It will have access to your personal data and photos made by him. She can also remotely take pictures, record conversations, browse e-mail and other messages, and install on your additional applications.
While in the case of the first gap Stagefright the simplest and most widely used scenario could be opened automatically by the device specially crafted MMS, in this case, is najlogiczniej use the browser. The offender may be using phishing or catchy banner convince a user to visit a website that will use the error.
It is also possible to create an application that will use malicious code or redirect traffic to the right, infected place. For the second error, which affects only devices with Android 5.0 and above, the attack can be specially prepared file to MP3 or MP4 players.
As in the case of the first gaps Stagefright, also here they are used powers vested in the library.
The intruder may use it for their purposes. Library Stagefright is simply badly written and it is in many other errors. This means that they can be constantly used by the attackers. A large part of them may never be made public, which means that Android users are still exposed to attacks. In this situation does not matter much that Google lats these publicized vulnerabilities because the real problem lies in the quality of the library and the Android.
Recently I did a test for susceptibility to the first version of the gaps Stagefright on several best of my outfits mobile. It turned out that virtually all can still be attacked in the old way. As the owner of the equipment absolutely I did not feel that Google took care of my safety. On the contrary, I feel exposed to attacks even more.
But what they have to do those using equipment from the sign of a green job? Change for free from the Windows application Phone’a? Or spend a half (if not all) payments on the iPhone? Many people do not have much choice and is sentenced to the use of cheap equipment with Android. Even if they do not have much to hide, they still have a right to privacy and security. It’s time that Google gave it to them.
* Photo: Shutterstock
->
No comments:
Post a Comment