Fortinet warns about vulnerability that could affect 95% of devices with Android system

Colombia. The Stagefright vulnerability, which could affect up to 95% of Android devices on the market (about 950 million). This vulnerability is considered critical since it affects the device without user interaction, simply when receiving an MMS message.

On July 27, the mobile security system provider called Zimperium announced this vulnerability discovered in the Android library called Stagefright, which is responsible for processing different media formats. The most dangerous scenario of the attack is a message that uses the MMS format, which can be processed with the help of this library. Upon receiving this malicious message, the application responsible for managing it displays a preview of the message in the notification area. In this way it gets the vulnerable code activated on the phone.

As for the devices exposed to this type of attack are:

• All devices that have Android or derivative operating system, since version 2.2.

• Devices with Android versions prior to 4.1 "Jelly Bean" without patching, are the most vulnerable because they do not have an adequate system to mitigate exploits.

• The total number of vulnerable devices is about 950 million, or 95% of all Android devices.

In addition, this vulnerability also affects smartphones with Mozilla Firefox, since they use the same library on all platforms, except Linux. This has been resolved with a patch in Firefox version 38 and users are advised to update their browsers.

To avoid falling victim to this vulnerability, Fortinet recommends:

1. Disable the option of automatic download of MMS messages in applications that handle such messages, such as the one used by default: Android Messaging, as well as Google Hangouts or any other similar application.

2. Update the operating system of the Android smartphone. Patches of some more popular versions of the OS are already available (CyanogenMod & Blackphone). The patch for CyanogenMod versions 12.0 and 12.1 is available in https://plus.google.com/+CyanogenMod/posts/7iuX21Tz7n8.

Android's internal codes have already been updated, but updating the different phone models will depend on each manufacturer using the Android operating system on their devices.

Santiago JaramilloEmail: [email protected]

Editor

Comunicador social y periodista con más de 15 años de trayectoria en medios digitales e impresos especializados para América Latina. Actualmente Editor de las revistas Ventas de Seguridad, Gerencia de Edificios y Coordinador académico del Congreso TecnoEdificios.

• 12 useful steps in video surveillance
• It is worth investing in technology in prisons
• Aalborg Achieves Savings thanks to Milestone VMS
• Technology and sustainability in a building
• Access, priority in schools