Posted on 08/18/2015 5:41:07 AM PDT by ThunderSleeps
Stagefright vulnerability in Googles Android operating system has been in headlines recently due to the fact that a large number of (1 billion+) smartphones are vulnerable to this attack. Since Zimperium discovered the the 6 Stagefright vulnerabilities related to Mediaserver in Android devices, Trend Microlabs has found another vulnerability called Silent Attack which can render Android smartphones to go silent or in a reboot loop after a hacker sends a specially crafted multimedia text.
(Excerpt) Read more at techworm.net ...
Doesn't sound like much of a vulnerability to me. Heck, if I can convince you to install my app, sure I can own you - with or without a MMS attack.
This doesn’t make sense to me:
“For an attack to begin, attackers convince the victim to install an app that doesnt require any required permissions, giving them a false sense of security.”
If I can convince you to run my program...well duh...
Weak Exploit with a big effect ping
And of course, if you’ve got a Nexus phone, you’ve already been updated for these vulnerabilities (so long as you installed the update that was pushed out.)
No, because the attack you are speaking of is not for iOS. . . it was Thunderstrike 1 & 2 and affected Apple Mac OS X through the Thunderbolt device data port, not iOS iPhones/iPads through the Lightning power port.
Plugging in an iOS device with a Lightning power connection can perhaps be an attack venue if you were to connect to a computer device, but the system has to handshake with an already known computer device and then requires the user's AppleID to do so.
Some self-described "security researcher" claimed he had found undocumented, hidden and nefarious, built-in backdoors in iOS devices about a year ago. He was quickly and roundly slapped down by the developer community when they got a look at his so-called "hidden back-doors" and it turned out they were very well known documented AND secure, Apple iOS System libraries used for backing up iOS devices to iTunes and iCloud. . . just off-limits for developers and available only for specific permission system apps, which developers are not permitted to use.
Thank you for the detailed correction.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.