Android Flaw Highlights Tech Risk

Erik Bernstein crisis management, Crisis Response, hacking, information security Leave a Comment

When it comes to hacks think “when,” not “if”

Android

From Flickr.com, credit: JD Hancock

Our smartphones are veritable treasure troves of valuable information, yet they’re also one of the least-protected devices we use on a regular basis. Hacking phones is becoming more profitable by the minute, and the number of threats appearing is directly related.

Mobile security specialists at Zimperium recently discovered what they’re calling one of the worst Android vulnerabilities found to date, issues in the operating system’s “Stagefright” media processing code that allow attackers to gain full access to your phone by sending a specialized media file through MMS or other means; Google Hangouts, for example.

Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.

Stop and think for a second about the damage someone could do if they had full control of your phone and you had no idea. Purposely destroying working relationships via text or email, stealing critical access information (oh yes, it’s saved in plain text versions on many phones), copying private pictures, or simply denying you the ability to receive crucial phone calls are just a few of the many cringe-inducing possibilities that spring to mind.

Odds are this, or something similar will affect you, your workforce, or someone you’re close to, and as you can see the consequences don’t stop with the single phone infected. Plan to prevent, prepare to detect, and know what you’ll do when it happens.

Erik & Jonathan Bernstein
www.bernsteincrisismanagement.com

Leave a Reply