Android Mediaserver vulnerability looks similar to the Stagefright bug.
Android owners may recall the Stagefright bug, the “worst ever Android vulnerability yet discovered”. That bug exposed a billion Android devices (that’s nearly every one on the face of the earth) to malware.
The latest critical bug has similarities to Stagefright, but exists in Android’s mediaserver. Google warns that an attacker could use the bug to remotely run malware hidden in video or audio.
In an announcement published in the Nexus Security Bulletin for January, Google said it has fixed 12 vulnerabilities affecting Android versions 4.4.4 to 6.0.1. Five are rated as critical security bugs. Partners were notified about and provided updates for the issues on December 7, 2015 or earlier, said the post.
“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”
How to protect yourself from the Android bug
When it comes to security, it seems that Android has seen better days. A slew of vulnerabilities and threats have been cropping up recently, putting multitudes of Android users at risk. Certifi-gate and Stagefright are two threats that, when left unprotected against, could spark major data breaches.
Certifi-gate leaches permissions from other apps to gain remote control access
Certifi-gate is a Trojan that affects Android’s operating system in a scary way. Android devices with Jelly Bean 4.3 or higher are affected by this vulnerability, making about 50% of all Android users vulnerable to attacks or to their personal information being compromised.
What’s frightening about this nasty bug is how easily it can execute an attack – Certifi-gate only requires Internet access in order to gain remote control access of your devices. The attack takes place in three steps:
- A user installs a vulnerable app that contains a remote access backdoor onto their Android device
- A remotely-controlled server takes control of this app by exploiting its insecure backdoor
- Using remote access, Certifi-gate obtains permissions from other apps that have previously been granted higher privileges (i.e. more permissions) by the user and uses them to exploit user data. A good example of an app targeted by Certifi-gate is TeamViewer, an app that allows you to control your Android device remotely.
In an article recently published by TIME in collaboration with the Center for Plain Language, a selection of the world’s leading and regularly visited tech websites were ranked in a list in relation to their privacy policies. In short, they rated the companies based on the manner in which they communicated with the public while walking them through their privacy policies. In this case, it wasn’t the actual data that these companies collect from current and potential new users that was being analyzed. Instead, this study looked at the way in which that information is brought to the attention of these users.
Google is the most popular Internet search provider worldwide. The name itself has even become a verb: We don’t look online anymore, we Google everything. Moreover, we use plenty of Google products without even realizing how connected they are: Gmail, YouTube, Translator, Google Drive, Photos (the former Picasa), Play, as well as Google+. The integration of Google products has become stronger. Now we access our email, YouTube videos, images, documents, and social networks such as Google+ and YouTube using one login and one set of credentials. Therefore it is extremely important to ensure that all of your accounts are set up correctly. Following our previous articles on Security on Social Media, on Facebook privacy, Graph search or your reputation online, let’s take a closer look at Google products with a special focus on the privacy of your social account.
Security and privacy for your Google accounts
Google+ is a very specific social network, very often underestimated by the users. Most Google+ owners don’t even realize that they have an account on the social channel! You might not use it actively, but it is important to have your data and profile under control. So let’s start with the basics.
In the top right corner you can start editing your profile settings.
Go to the privacy section. One of the most important features here is 2-Step Verification.
Our first “#useAVAST” Hashtag challenge is over and it’s time to announce the results. As always, YOU have proven what an engaged and creative community AVAST has. We’ve seen plenty of Facebook and Google+ posts and Tweets with your personal recommendations. It has convinced us that we should be giving you this opportunity more often, so feel free to expect some more fun.
As announced in the previous blog, we have selected winners in two categories:
- Most creative/funny recommendation
- Most convincing recommendation
All entries are valuable to us and we appreciate your inventiveness and always-willing-to-participate attitude! Congratulations to the winners! Please contact us at email@example.com to claim your 1-year license for avast! Premiere, our best-selling antivirus protection.
Bad Piggies, the spin-off game to Rovio’s wildly popular Angry Birds, hit the online stores last week, and following in its sizable wake were fake versions designed to install an aggressive adware program into Chrome browsers. Reportedly, over 83,000 Google Chrome users have been infected.
Cybercrooks found a niche because Bad Piggies is only available for Android devices on Google Play (free) or Apple devices ($0.99 for iPhone and $2.99 for iPad) on iTunes. Free versions of Bad Piggies that claimed to be from the creators of Angry Birds appeared on the Chrome web store shortly after the release. The top 3 listed are called Bad Piggies, but they are from different companies: padeba, gametc.com, and the HD version from HitsGames. They have over 13,000 downloads.
Reviews of the games reveal the anger and disappointment of Rovio fans.
It used to be that beta had a specific meaning. And I am not talking about Archimedes.
Beta once meant an early, test version of a program. Run it, play with it, and yes – you’ll find some bugs in there. Now thanks to Google, and its introduction of near-perpetual beta, the meaning has changed. And, this may be close to reality as one journalist told me last week, “Remember, people are beta, too.”
Hmmm, but as the journalist also pointed out, if a Google beta is essentially complete, then what is our new Android app – avast! Free Mobile Security? It’s out in beta form and it’s on the Google Market. As a dedicated punster, my first idea was to call it alpha-beta. But on a more serious note, I decided to talk to Ondrej Vlcek, our CTO, about what an AVAST Software beta is all about. So here it is: Read more…
Hello from Hong Kong, the city where the AVAR Conference 2011 is taking place. We, Lukas and Jan, are here to make a presentation on “Google Image poisoning”.
We arrived in Hong Kong on Monday after a long flight from Prague. From the moment we got off the plane we knew that Hong Kong is completely different from what we are used to in Prague. Not only is the weather different – winter in Prague but summer in Hong Kong – the cultures are also completely different. I think that it would be unfair to try to compare Asia to Europe, so let’s move on.
We were hungry when we got to our hotel and so we went for lunch. The lady at the Wharney Guang Dong hotel recommended a dim sum restaurant across the street. Well, I have to admit that it was really good advice. The place was spectacular and the food was delicious. We even ordered something called “duck web”. However, what we received wasn’t a web at all.
As you can see in the picture on the left, Honza (Jan) has a duck leg. It was quite a new experience for both of us, but… where is our web?
OK, let me make a long story short. We have a presentation at the AVAR conference about Google Image poisoning. And there is a close connection between duck web and the poisoning. But, let me tell you, it’s quite difficult to write an article after midnight when you have jet lag and also after a welcoming drink with all the AVAR members. — So let me just fix the first sentence – there is a close relation between web and Google Image search poisoning attacks but … we’ll tell you more tomorrow after our presentation.
Fabricia, from Brazil, was a very lucky registered user. She registered her avast! software and, as the 160,000,000th registration, won a trip to Prague. :) On top of it, she is going to get married soon, so AVAST Software will be a happy sponsor of her honeymoon in Prague. Typical for a Brazilian, Fabricia is sociable and friendly. So after exchanging plenty of messages and calling her (with great help from our Brazilian-Portuguese-speaking AVAST colleague, Marcus), we became friends on Facebook. (Here I should say OBRIGADA to a Google Translator :). So when I saw Fabricia’s post, I couldn’t resist writing about it! We just sent the tickets we booked for Fabricia and her fiancé last week, which immediately was reflected on Facebook with a photo album “A honeymoon in Prague is confirmed” – with pictures of beautiful Prague! :) We are very much looking forward to meeting Fabricia and Eder in November. More than just for security, avast! Free Antivirus gives you the chance to win valuable prizes. For more info check our winners section.
My daughter went on a week-long school trip this morning. She and 30 other kids will visit Switzerland, France and Germany. It is a school trip in Europe by bus and that means leaving early to avoid the traffic. I brought her to school at 5:30 am (yes, ‘am’ means morning!) and since our office is close by and it takes me 30 minutes to drive home … I figured I could just as well go to work early and avoid the traffic jam later.