Tag: smartphone security

A bug that can infect that operating system can spread itself with nothing more than one text message.

Smartphones that run on the Android operating system are now at risk of an important mobile security flaw that could allow a properly infected text message to take over the device.

It is currently estimated that nearly 1 billion devices around the world are vulnerable to this bug.

According to mobile security experts, this flaw is now considered to be “the word Android vulnerability in the mobile OS history.” Zimperium researchers that focus on this type of issue were among those who initially released details regarding this threat, which has been called “Stagefright.” This threat is dangerous enough that it can infect an Android based smartphone simply through the receipt of an MMS message, regardless of whether or not the device user actually opens it.

Once the text is received, the mobile security bug activates a code which releases full control of the device to an attacker.

This Android bug gives the attacker control over everything from the camera and microphone to the data on the device, which can then be copied. In their blog releasing information about Stagefright, the Zimperium researchers explained that “These issues in Stagefright code critically expose 95 per cent of Android devices, an estimated 950 million devices.”

While Google has already issued a repair for the security flaw for its Android operating system, many carriers and phone makers haven’t yet released the update to consumers.

The problem, itself, was first spotted back in April by Zimperium’s Joshua Drake. Drake received recognition for this discovery by Google, when the company released a statement saying “We thank Joshua Drake for his contributions. The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device.”

Google also took care to point out the mobile security steps that are already in place for devices that run on its operating system. It pointed out that the majority of Android based devices, including all of the ones running on the newer versions of the OS, include a number of different technologies that have been “designed to make exploitation more difficult.” Among them is an app sandbox that is meant to help to keep user data and other device apps protected.

The vulnerability that has been identified in some of the tech companies handsets could affect up to 600 million.

The mobile security news involving a flaw in many Samsung smartphones is spreading around the globe as estimates have stated that this issue could impact as many as 600 million people worldwide.

The mobile technology flaw could potentially allow Samsung Galaxy users to be spied upon by hackers.

The phones that could be impacted by the mobile security issue include the Samsung Galaxy S4, S4 Mini, S5 and S6. It comes in the form of a vulnerability that could make it possible for hackers to gain access to the microphone and camera on the device and to spy on users.

According to Buster Johnson of the National Association of Counties Cyber Security Task Force Team, “Hackers will basically be able to take control of a person’s cell phone and have the possibility of accessing a person’s personal information stored on their phone, which could include bank account passwords and other sensitive data.”

This suggests that the mobile security flaw could place users at a greater threat than just their privacy.

Data and identity theft as well as financial issues could also be thrown into the mix if the wrong information is accessed by the wrong people.

The smartphone security flaw was first identified by researcher Ryan Welton of NowSecure, back in 2014. Shortly thereafter, the security teams at both Google Android and at Samsung were notified of the problem.

The NowSecure blog includes a post from Welton that explained that the source of the vulnerability is in the Swift keyboard, which is pre-installed on the majority of Samsung devices. It is not possible for a user to disable or uninstall it, and its updates occur automatically on their own or when the device has been rebooted.

The mobile security problem comes into play when that update occurs, because the method of fetching the update is not secure if a hacker has access to the network traffic of the device user, for instance, in the case of a public WiFi hotspot. The attacker could use that unsecure network to pose as a server for Swiftkey and then exploit the update, executing a code that would give the hacker privileged user access to the device.