Monday, 30 November 2015

Stagefright New Android Virus .(Read it CareFully) Otherwise it will send your SMS MMS and Any Chat to Hacker

In July 2015, security company Zimperium announced that it had discovered a "unicorn" of a vulnerability inside the Android operating system. More details were publicly disclosed at the BlackHat conference in early August — but not before headlines declaring that nearly a billion Android devices could potentially be taken over without their users even knowing it.
So what is "Stagefright"? And do you need to worry about it?
We're continuously updating this post as more information is released. Here's what we know, and what you need to know.

What is Stagefright?

"Stagefright" is the nickname given to a potential exploit that lives fairly deep inside the Android operating system itself. The gist is that a video sent via MMS (text message) could be theoretically used as an avenue of attack through the libStageFright mechanism (thus the "Stagefright" name), which helps Android process video files
. Many text messaging apps — Google's Hangouts app was specifically mentioned — automatically process that video so it's ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it.
Because libStageFright dates back to Android 2.2, hundreds of millions of phones contain this flawed library.

Aug. 17-18: Exploits remain?

Just as Google began rolling out updates for its Nexus line, the Exodus firm published a blog post snarkily saying that at least one exploit remained unpatched, implying that Google screwed up with the code. UK publication The Register, in a flouncily written piece, quotes an engineer from Rapid7 as saying the next fix will come in September's security update — part of the new monthly security patching process.
Google, for its part, has yet to publicly address this latest claim.
In the absence of any further details for this one, we're inclined to believe that at worse we're back where we started — that there are flaws in libStageFight, but that there are other layers of security that should mitigate the possibility of devices actually being exploited.
One Aug. 18. Trend Micro published a blog post on another flaw in libStageFright. It said it had no evidence of this exploit actually being used, and that Google published the patch to the Android Open Source Project on Aug. 1.

New Stagefright details as of Aug. 5

In conjunction with the BlackHat conference in Las Vegas — at which more details of the Stagefright vulnerability were publicly disclosed — Google addressed the situation specifically, with lead engineer for Android security Adrian Ludwig telling NPR that "currently, 90 percent of Android devices have a technology called ASLR enabled, which protects users from the issue."
This is very much at odds with the "900 million Android devices are vulnerable" line we have all read. While we aren't going to get into the midst of a war of words and pedantry over the numbers, what Ludwig was saying is that devices running Android 4.0 or higher — that's about 95 percent of all active devices with Google services — have protection against a buffer overflow attack built in.
ASLR (Address Space Layout Randomization) is a method that keeps an attacker from reliably finding the function he or she wants to try and exploit by random arrangement of memory address spaces of a process. ASLR has been enabled in the default Linux Kernel since June 2005, and was added to Android with Version 4.0 (Ice Cream Sandwich).
How's that for a mouthful?
What it means is that the key areas of a program or service that's running aren't put into the same place in RAM every time. Putting things into memory at random means any attacker has to guess where to look for the data they want to exploit.
This isn't a perfect fix, and while a general protection mechanism is good, we still need direct patches against known exploits when they arise. Google, Samsung (1), (2) and Alcatel have announced a direct patch for stagefright, and Sony, HTC and LG say they will be releasing update patches in August.

Who found this exploit?

The exploit was announced July 21 by mobile security firm Zimperium as part of an announcement for its annual party at the BlackHat conference. Yes, you read that right. This "Mother of all Android Vulnerabilities," as Zimperium puts it, was announced July 21 (a week before anyone decided to care, apparently), and just a few words the even bigger bombshell of "On the evening of August 6th, Zimperium will rock the Vegas party scene!" And you know it's going to be a rager because it's "our annual Vegas party for our favorite ninjas," completely with a rockin' hashtag and everything.

How widespread is this exploit?

Again, the number of devices with the flaw in the libStageFright library itself is pretty huge, because it's in the OS itself. But as noted by Google a number of times, there are other methods in place that should protect your device. Think of it as security in layers.

here is the more detail from about the virus

Stagefight detector apps

We don't really see the point in using a "detector" app to see if your phone is vulnerable to the Stagefright exploit. But if you must, there are some available.
  • Lookout Mobile Stagefright Detector
  • Zimperium Stagefright Detector
  • Stagefright is believed to be the worst Android vulnerability yet discovered. All devices running Android versions Froyo 2.2 to Lollipop 5.1.1 are affected, which are used by approximately 95% of all Android devices, by nearly 1 billion people. Hackers only need to know your phone number to infect your device.
    The malware is delivered via a multimedia message (MMS) sent to any messenger app that can process a specific video format - like an Android device’s native messaging app, Google Hangouts and WhatsApp.
    If you want to learn more about this issue, please visit Avast blog.
    The most common Android messaging apps load videos automatically. You can protect yourself by disabling the Auto retrieve feature in your default messaging app, so that videos cannot be loaded in the background and infect your device.
    Instructions for the most common messaging apps can be found in the following articles:
    • Instruction for Messages app
    • Instruction for Google Hangouts app
    • Instruction for Messenger app
    • Instruction for Messaging app
    • Instruction for WhatsApp
    Instruction for Messages app
    1. Open the Messages app and click on the three dots icon in the upper-right corner.
    2. Click on Settings in the dropdown menu.
    3. Click on Multimedia messages.
    4. Uncheck Auto retrieve.
    5. Double-check if your Messages settings look like this:
    Instruction for Google Hangouts app
    1. Open the Google Hangouts app and click on the three lines in the upper-left corner.
    2. Click on Settings.
    3. Click on SMS.
    4. Scroll down to Advanced and uncheck Auto retrieve MMS.
    5. Double-check if your Google Hangouts SMS settings look like this:
    Instruction for Messenger app
    1. Open the Messenger app and click on the three dots in the upper-right corner.
    2. Click on Settings in the dropdown menu.
    3. Click on Advanced.
    4. Uncheck Auto retrieve.
    5. Double-check if your Messenger Advanced settings look like this:
    Instruction for Messaging app
    1. Open the Messaging app and click on the three dots in the lower-right corner.
    2. Click on Settings.
    3. Scroll down to Multimedia (MMS) messages and uncheck Auto retrieve MMS.
    4. Double-check if your Messaging settings look like this:
    1. Open WhatsApp and click on the three dots in the upper right hand corner.
    2. Click on Settings.
    3. Click on Chat Settings.
    4. Click Media auto-download.
    5. Click When using mobile data and/or When connected on Wi-Fi.
    6. The When connected on Wi-Fi settings are automatically set to download videos, so it is important to uncheck the checkmark.
    7. The When connected on mobile data settings are NOT automatically set to download videos, but in case you did enable it, you should disable it.
    8. Your WhatsApp Media auto-download should now look like this:

No comments:

Post a Comment