950 Million Android Devices Threatened by Bug

By Douglas A. McIntyre Published Oct 2, 6:36AM EDT

The following warning was issued by a software security firm that researches the Google Inc. (NASDAQ: GOOGL) Android OS:

Zimperium zLabs VP of Platform Research and Exploitation, Joshua J. Drake (@jduck), dived into the deepest corners of Android code and discovered what we believe to be the worst Android vulnerabilities discovered to date. These issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices. Drake’s research, to be presented at Black Hat USA on August 5 and DEF CON 23 on August 7 found multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction.

A malicious attack could be made easily:

Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS. A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited. Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.

The hacking of huge data files has a rival in the hacking of consumer electronics devices. As the adoption of such devices roars forward, it is had to imagine what would stop it. That “what” may have appeared.

ALSO READ: Groundbreaking Technology Innovation Could Be Huge for 5 Top Tech Stocks

Follow 24/7 Wall St. on Google

About the Author Douglas A. McIntyre →

Douglas A. McIntyre is the co-founder, chief executive officer and editor in chief of 24/7 Wall St. and 24/7 Tempo. He has held these jobs since 2006.

McIntyre has written thousands of articles for 24/7 Wall St. He is an expert on corporate finance, the automotive industry, media companies and international finance. He has edited articles on national demographics, sports, personal income and travel.

His work has been quoted or mentioned in The New York Times, The Wall Street Journal, Los Angeles Times, The Washington Post, NBC News, Time, The New Yorker, HuffPost USA Today, Business Insider, Yahoo, AOL, MarketWatch, The Atlantic, Bloomberg, New York Post, Chicago Tribune, Forbes, The Guardian and many other major publications. McIntyre has been a guest on CNBC, the BBC and television and radio stations across the country.

A magna cum laude graduate of Harvard College, McIntyre also was president of The Harvard Advocate. Founded in 1866, the Advocate is the oldest college publication in the United States.

TheStreet.com, Comps.com and Edgar Online are some of the public companies for which McIntyre served on the board of directors. He was a Vicinity Corporation board member when the company was sold to Microsoft in 2002. He served on the audit committees of some of these companies.

McIntyre has been the CEO of FutureSource, a provider of trading terminals and news to commodities and futures traders. He was president of Switchboard, the online phone directory company. He served as chairman and CEO of On2 Technologies, the video compression company that provided video compression software for Adobe’s Flash. Google bought On2 in 2009.