This may come as a shock to some, but an exploit discovered cyber-security company Zimperium, has put 950 million Android phones at risk of being hacked. It’s been dubbed the “Stagefright” exploit, where a single text message containing a video file can lead to someone stealing your personal info.
Actually, it’s more than your personal info. Hackers can use the camera, and mic, on a Android phone to spy on you.
And Google has known about it since April 9 (dramatic music ensues).
As the story goes, Zimperium discovers the bugs and warns Google that, “Hey, you have this huge security exploit that could put a bunch of people at risk,” to which Google decided to do nothing for the hundred or so days. Only when Zimperium went public, did Google think to itself, “We might need to do something.”
Zimperium’s vice president is expected to do a presentation next week, concerning the exploit, in Las Vegas.
But how does this flaw exist? According to The Register the exploit, “exists in a software library called Stagefright buried deep inside Android.” The software is written in C++ and that it’s, “susceptible to memory corruption.”
Now, that has to make you wonder, are you one of the 950 million affected? If you’re device is running an Android version older than Jellybean, then yes, you are definitely affected. For those who are running Jellybean 4.1, you have some degree of protection (for instance some of the apps prevent certain files on your mobile device from accessing your private information).
There are a couple of ways to increase your security. You can disable the Stagefright library or remove/disable Google Hangouts (prevents the video files from being read right away). There was also talk of downloading anti-virus software.
In an email to The Register, Google stated that, “The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.”
“Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device.”
Hopefully, the presentation will clear up any more questions that Android users might have. While we wait for that to happen, what are your thoughts on the exploit? Let me know in the comments below.