Its been a hard week for Android few days back the severe vulnerability has been discovered in the name of #Stagefright vulnerability that allows attacker to crash the mobile phone. Recently another vulnerability has been discovered on Android.
The vulnerability causes the phone to crash and useless to even make a single call or send sms to other through the phone.
More than 55 percent of mobile phones has been vulnerable and the version that are vulnerable are Android Jelly bean and later including Android Lollipop.
950 million Android phones are under risk and it can be done by two ways
1. Booby Trapped Website and
2. Malicious Application.
Booby Trapped website is the malicious web site where the user are redirected and the malicious activity can be executed and the mobile can be crashed.
Fake website effect can be removed by restarting the mobile but the malicious application if installed the app will initiate the crash call whenever the phone has been started or restarted.
This makes the phone useless for any other purpose. This was due to the Indexing of media files by the OS while starting or booting. The service is known as #mediaserver service.
The proof of concept has been released by the security researchers and it can be found here.
P.S : The post is to create awareness and not to be misused.
No comments:
Post a Comment