Stagefright 2.0 Exploits Android Vulnerabilities

Newly found vulnerabilities in the way Android handles media files can allow attackers to compromise devices by tricking users into visiting maliciously crafted Web pages.

The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report published Thursday.

The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.

The Zimperium researchers found similar multimedia processing flaws earlier this year in an Android library called Stagefright that could have been exploited by simply sending Android devices a maliciously crafted MMS message.

Those flaws triggered a coordinated patching effort from device manufacturers that Android’s lead security engineer, Adrian Ludwig, called the “single largest unified software update in the world.” It also contributed to Google, Samsung and LG committing to monthly security updates going forward.

One of the flaws newly discovered by Zimperium is located in a core Android library called libutils and affects almost all devices running Android versions older than 5.0 (Lollipop). The vulnerability can also be exploited in Android Lollipop (5.0 – 5.1.1) by combining it with another bug found in the Stagefright library.

The Zimperium researchers refer to the new attack as Stagefright 2.0 and believe that it affects more than 1 billion devices.

Since the previous attack vector of MMS was closed in newer versions of Google Hangouts and other messaging apps after the previous Stagefright flaws were found, the most straight-forward exploitation method for the latest vulnerabilities is through Web browsers, the Zimperium researchers said.

Zimperium reported the flaws to Google on Aug. 15 and plans to release proof-of-concept exploit code once a fix is released.

That fix will come on Oct. 5 as part of the new scheduled monthly Android security update, a Google representative said.

Source-http://www.thegurureview.net/mobile-category/stagefright-2-0-exploits-android-vulnerabilities.html

Will Google’s Algorithm Stop Piracy?

Nosey Google has updated its search engine algorithms in an attempt to restrict piracy web sites appearing high in its search rankings.

The update will mean piracy sites are less likely to appear when people search for music, films and other copyrighted content.

The decision to roll out the search changes was announced in a refreshed version of a How Google Fights Piracy report, which was originally published in September 2013.

However, this year’s updated report features a couple of developments, including changes to ad formats and an improved DMCA demotion search signal.

The move is likely to be a result of criticism received from the entertainment industry, which has argued that illegal sites should be “demoted” in search results because they enable people to find sites to download media illegally.

The biggest change in the Google search update will be new ad formats in search results on queries related to music and movies that help people find legitimate sources of media.

For example, for the relatively small number of queries for movies that include terms like ‘download’, ‘free’, or ‘watch’, Google has instead begun listing legal services such as Spotify and Netflix in a box at the top of the search results.

“We’re also testing other ways of pointing people to legitimate sources of music and movies, including in the right-hand panel on the results page,” Google added.

“These results show in the US only, but we plan to continue investing in this area and to expand it internationally.”

An improved DMCA demotion signal in Google search is also being rolled out as part of the refresh, which down-ranks sites for which Google has received a large number of valid DMCA notices.

“We’ve now refined the signal in ways we expect to visibly affect the rankings of some of the most notorious sites. This update will roll out globally starting next week,” Google said, adding that it will also be removing more terms from autocomplete, based on DMCA removal notices.

The new measures might be welcomed by the entertainment industry, but are likely to encourage more people to use legal alternatives such as Spotify and Netflix, rather than buying more physical media.

Source

Criminals Remotely Erasing Smartphone Data

Smartphones taken as evidence by police in the UK are being wiped remotely by crooks in order to remove potentially incriminating data, an investigation has uncovered.

Dorset police told the BBC that six devices were wiped within the space of a year while they were being kept in police custody, and Cambridgeshire, Derbyshire, Nottingham and Durham police also confirmed similar incidents.

The technology being used was originally designed to allow device owners to remove sensitive data from phones or tablets if they are lost or stolen.

“We have cases where phones get seized, and they are not necessarily taken from an arrested person, but we don’t know the details of these cases as there is not a reason to keep records of this,” a spokeswoman for Dorset police told the BBC.

A spokeswoman for Derbyshire police also confirmed one incident of a device being remotely wiped while in police custody.

“We can’t share many details about it, but the case concerned romance fraud, and a phone involved with the investigation was remotely wiped,” she said. “It did not impact upon the investigation, and we went on to secure a conviction.”

Software that enables this remote wiping has been available from a variety of security firms for some time now.

For example, BitDefender announced a product a while back intended to track  lost or stolen Android devices. Not only did it allow users to connect remotely and ‘wipe’ data from a web profile via the internet, but to activate commands with text messages.

Pen Test Partners’ digital forensics expert, Ken Munro, said it is common practice to immediately put devices that are seized as evidence into a radio-frequency shielded bag to prevent any signals getting through and stop remote wipes.

“If we can’t get to the scene within an hour, we tell the client to pop it in a microwave oven,” he said. “The microwave is reasonably effective as a shield against mobile or tablet signals – just don’t turn it on.”

Source

Can Android Fight Cyber Threats With A.I.?

A security firm called Zimperium has launched mobile software that learns from smartphones to fend off malicious cyber attacks.

Claiming to be the first security software to be powered by artificial intelligence (AI), the app is called zIPS, with the “IPS” standing for “intrusion prevention system”. The aim of the AI is to better spot malware before it causes harm or spreads to other devices.

The zIPS software works whether the smartphone is offline or online and can protect against malicious apps, such as those that can self-modify, and network attacks like a “man in the middle” attack where a hacker intercepts data being sent between one user and another.

“With zIPS, corporations will now have the opportunity to use [bring your own device] as an advantage to their security. zIPS is the first security solution that can combat modern cyber-attacks on mobile,” said Zimperium’s founder and CEO Zuk Avraham. “There is already evidence of attacks that are happening to infiltrate organisations, which only zIPS can prevent.”

Prior to working on the Android app, Avraham worked as a security researcher for the Israeli Defense Forces and Samsung electronics before setting up Zimperium in response to what he thinks is a poor selection of good mobile security software.

According to MIT Technology Review, Zimperium said that there have as yet been no programs that can detect, notify and protect against cyber attacks deployed through mobile devices.

The zIPS Android app has arrived in the Google Play store for all Android devices at a time when malware on Android is at an all time high.

Last year, Trend Micro warned that Google’s Android mobile operating system is so beset by cyber criminals creating malicious apps that the malware was on track to hit the million mark before the end of 2013.

The firm said that this was attributable to hackers seeking to exploit Android’s growing global user base.

Source