Warning! Just an Image Can Hack Your Android Phone — Patch Now



Nordnet Baritof
Nordnet Baritof
  • Technical Writer
  • Entrepreneur
  • Founder and CEO
  • Developer
  • Blogger and IT Analyst
2016-09-07 14:24:52

| Share
| Share
| Share
Warning! Just an Image Can Hack Your Android Phone — Patch Now

Own an Android smartphone? Beware, as just an innocuous-looking image on social media or messaging app could compromise your smartphone.

Along with the dangerous Quadrooter vulnerabilities that affected 900 Million devices and other previously disclosed issues, Google has patched a previously-unknown critical bug that could let attackers deliver their hack hidden inside an innocent looking image via social media or chat apps.

In fact, there is no need for a victim to click on the malicious photo because as soon as the image’s data was parsed by the phone, it would quietly allow a remote attacker to take control over the device or simply crash it.

The vulnerability is similar to last year's Stagefright bug (exploit code) that allowed hackers to hijack Android devices with just a simple text message without the owners being aware of it.

Read also 

The Stagefright flaw affected more than 950 Million Android devices and resided in the core Android component Stagefright — a multimedia playback library used by Android to process, record and play multimedia files.

However, the recent vulnerability (CVE-2016-3862) resided in the way images used by certain Android applications parsed the Exif data in an image, SentinelOne's Tim Strazzere, the researcher who uncovered the vulnerability, told Forbes.

Any app using Android's Java object ExifInterface code is likely vulnerable to the issue.
 

An Image Received...? Your Game is Over


Making a victim open the image file within an affected app like Gchat or Gmail, a hacker could either cause a victim's phone to crash or remotely execute malicious code to inject malware on the phone and take control of it without victim’s knowledge.

"Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving a message or email from someone," Strazzere said. "Once that application attempts to parse the image (which was done automatically), the crash is triggered."

According to Strazzere, attackers could develop a simple exploit inside an image to target a large number of vulnerable Android devices.

Strazzere crafted exploits for the affected devices and found that it worked on Gchat, Gmail and most other messenger and social media apps, though he did not disclose the names of the other non-Google apps affected by the flaw.

 

When will I expect a Fix?


All versions of Google's operating system from Android 4.4.4 to 6.0.1 are vulnerable to the image-based hack, except today's update that fixed the vulnerability.

The researcher even successfully tested his exploits on a handful of phones running Android 4.2 and Amazon devices and found that the devices remain unpatched, leaving a large number of users of older Android devices exposed.

So, if you are not running an updated version of operating system and/or device, you probably are vulnerable to the image-based attack.

Google has delivered a patch to fix the issue, but given the shaky history of handset manufacturers and carriers rolling out security patches, it is not known how long the companies will take to update vulnerable Android devices.

Google rewarded Strazzere with $8,000 as part of the company's Android bug bounty program.

Read Next  
Read Also        : 
Read More :      

click the next for more ...
Russia is Largest Portal HACKED; Nearly 100 Million Plaintext Passwords Leaked
Russia is Largest Portal HACKED; Nearly 100 Million Plaintext Passwords Leaked
Russia is Largest Portal HACKED; Nearly 100 Million Plaintext Passwords Leaked

.
Fantastic Beasts drive deeper into pre-Harry Potter world
Fantastic Beasts drive deeper into pre-Harry Potter world

Rowling reunites with David Yates, the director of four §double§Harry Potter§double§ films, as comfortably as §double§Fantastic B


Fantastic Beasts drive deeper into pre-Harry Potter world
What Do the British Prime Minister and George Clooney Have in Common

Theresa  replaced David Cameron as prime minister of the U.K.with a rather suddenly, much journalists scrambled to find out more about her person


Fantastic Beasts drive deeper into pre-Harry Potter world
SCANDAL FaceBook FINED Cambridge for 500 000 £

Facebook has finally been weaking up with its first fine of £500,000 for Cambridge Analytica to improperly gather and misapply data of 87 m


Fantastic Beasts drive deeper into pre-Harry Potter world
Marvel Comics Giant Stan Lee Has Died At 95

Stan Lee, the colorful Marvel Comics patriarch who helped usher in a new era of superhero storytelling -- and saw his creations become a giant influen


Fantastic Beasts drive deeper into pre-Harry Potter world
How Does Android s New In-app Updates API Work

Notice that the Android§apostrofe§s new In-app Updates API doesn§apostrofe§t force or lock out users from the app if they chose no


Fantastic Beasts drive deeper into pre-Harry Potter world
Capitan has slept in the grave of his owner every night

For the past 6 years, a dog named Capitan has slept in the grave of his owner every night. His owner, Miguel Guzman died in 2006 and Capitan dissapear



© 2013-2018 best of geeks. All rights reserved.