"Attackers only need your mobile number, which they can use remotely to execute code via a specially crafted media file delivered via MMS (text message)," Zimperium Mobile Security said in a blog post.
Zimperium said that it reported the problem to Google and provided the California Internet firm with patches to prevent breaches.
"Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that's only the beginning of what will be a very lengthy process of update deployment," Zimperium said.
It did not appear as though hackers had taken advantage of the Stagefright vulnerability, according to Zimperium.
Updating Android software powering mobile devices is controlled by hardware makers and sometimes telecommunication service carriers, not Google.
While Apple controls the hardware and software in iPhones, iPads, and iPods powered by its mobile operating system, Google makes Android available free to device makers who customize the code and update it as they see fit.
More about Drake's research was to be disclosed at a Black Hat computer security conference taking place in Las Vegas early in August.
No comments:
Post a Comment