Just an Image can Hack Your Android Device
Have an Android device? Just an innocent-looking image on social media or a messaging app could hack your Android device. Along with the dangerous Quadrooter vulnerabilities, which affected 900 Million devices, Google has patched a previously unknown critical bug that could let attackers deliver their hack hidden inside an innocent-looking image via social media or chat apps.
There is no need for a victim to click on the malicious image: as soon as the image's data was parsed by the phone, it would quietly allow a remote attacker to take control over the device or simply crash it.
The vulnerability is similar to last year's Stagefright bug (exploit code) that allowed hackers to hack Android devices with just a simple text message, without the owners being aware of it.
The Stagefright flaw affected more than 940 Million Android devices and resided in the core Android component Stagefright, a multimedia playback library used by Android to process, record and play multimedia files. The recent vulnerability (CVE-2016-3862) resided in the way images used by certain Android applications stored the Exif data in an image.
Any app using Android's Java object ExifInterface code is likely vulnerable to that issue.
Any Image Got? Your Game is Over
By making a victim open the image file within an affected app like Gchat or Gmail, a hacker could either cause the victim's phone to crash or remotely execute malicious code to inject malware on the phone and take control of it without the victim's knowledge.
The bug is triggered without much user interaction: an application only has to load an image in a specific way. Triggering the bug is as easy as receiving a message or email from someone. Once that application attempts to parse the image (which was done automatically), the crash is triggered.
According to Strazzere (a security expert), attackers could develop a simple exploit inside an image to target a large number of vulnerable Android devices.
Strazzere crafted exploits for the affected devices and found that they worked on Gchat, Gmail and most other messenger and social media apps, though he did not disclose the names of the other non-Google apps affected by the flaw.
When will we expect a Fix?
All versions of Google's operating system from Android 4.4.4 to 6.0.1 are vulnerable to the image-based hack, except those with today's update, which fixed the vulnerability.
The researcher even successfully tested his exploits on a couple of phones running Android 4.2 and other Android devices, and found that the devices remain unpatched, leaving a large number of users of older Android devices exposed.
So, if you're not running an updated version of the software and/or device, you are almost certainly at risk of the image-based attack.
Google has delivered a patch to fix this issue, but given the shaky history of handset makers and carriers rolling out security patches, it's not known how long the companies will take to update vulnerable Android devices.
Google rewarded Strazzere with $8,000 as part of the company's Android bug bounty program.
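Because unpatched devices parse Exif data automatically, a service that relays images to them can remove that data before delivery. The sketch below is an added example, not code from Google or the researcher; it assumes a relay you control (for instance a mail or chat gateway), handles JPEG only, and the names strip_exif, build_segment and SAMPLE are hypothetical.

```python
import struct

STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RSTn markers carry no length field

def strip_exif(jpeg: bytes) -> bytes:
    """Return the JPEG without its APP1 'Exif' segments; raise ValueError if malformed."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out = bytearray(jpeg[:2])
    pos = 2
    while pos < len(jpeg):
        if pos + 2 > len(jpeg) or jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:            # EOI before any scan data: nothing left to copy
            return bytes(out + b"\xff\xd9")
        if marker in STANDALONE:
            out += jpeg[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(jpeg):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"segment at offset {pos} overruns the file")
        if marker == 0xDA:            # SOS: the rest is scan data (assumes Exif precedes it)
            return bytes(out + jpeg[pos:])
        is_exif = marker == 0xE1 and jpeg[pos + 4:end].startswith(b"Exif\x00\x00")
        if not is_exif:               # keep JFIF, quantization tables, etc.
            out += jpeg[pos:end]
        pos = end
    raise ValueError("no scan data or EOI marker found")

def build_segment(marker: int, payload: bytes) -> bytes:
    """Helper used only to construct the sample below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample, not a real photo: SOI, JFIF, Exif, SOS, two scan bytes, EOI.
SAMPLE = (b"\xff\xd8" + build_segment(0xE0, b"JFIF\x00" + bytes(9))
          + build_segment(0xE1, b"Exif\x00\x00MM\x00\x2a" + bytes(8))
          + build_segment(0xDA, bytes(10)) + b"\x12\x34\xff\xd9")
```

Removing Exif also removes the orientation tag, so rotated photos may display sideways unless the relay re-applies the rotation. A file that raises ValueError should be rejected rather than forwarded.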