Security
Android Devices Vulnerable to Image Hack | Storm Internet
Own an Android device? Your phone and your website can be at risk! All it takes is an innocent looking image on social media or a messaging app and then all of a sudden you lose your phone and website to malware.
Along with the dangerous Quadrooter vulnerabilities that affected an estimated 900 million devices, and other undisclosed issues, Google is issueing patches like crazy. This newly found critical exploit could let attackers deliver malicious code inside innocent looking images through sites like Facebook and Kik messenger.
For the malicious code to be activated all the vicitim has to do is view the image full screen. After the image is viewed depending on the code inside the image, the attacker can gain remote control over the device or install a mobile keylogger. In some cases attackers just make the device 100% unusable causing the operating system to just crash.
The vulnerability is almost like last year’s Stagefright bug that alloed hackers to hijack Android devices with only a text message. The big difference is how the new vulnerability works. It works because of the way certain Android applications use the Exif data in an image according to Tim Strazzere, the researcher who discovered the exploit.
Any app using Android’s Java object ExifInterface code is most likely vulnerable.
“Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving an email from someone. Once that application attemted to the parse the image, the crash is triggered.” – Strazzere
Strazzere crafted exploits for affected devices and found that it worked on most socail media and messenger apps, however, he did not reveal the names of any non-Google apps affected by the flaw.
How is my Website at Risk?
Since this expolit allows users to install malicious codes you are at risk of remote keyloggers. Since most major CMS systems are responsive it is not uncommon for site owners to login to their websites via their mobile phones to just check up on things or to make small changes. The issue comes in when you login to your site, the keylogger would reveal to the hacker how to login to your account which could be disastrous for your website.
Is there a Fix?
All Android devices with operating systems 4.2 to 6.0.1 are vulnerable to this image-based exploit. Google annouced an update will be released by Friday, Septmeber 30th . However it may take longer before the manufacturers release the update to its users.
So, as long as you keep your Android device updated you should be safe from this exploit.
If you’d like super-fast hosting for your web site, call us on 0800 817 4727. We’ve been providing ultra fast, secure web hosting services since 2004 and know a thing or two about optimising servers and sites for speed.
Speak with a Storm Expert
Please leave us your details and we'll be in touch shortly
A Trusted Partner