Update your Android Phone NOW

There is a massive Android bug called Stagefright.

It’s being called the biggest Android flaw ever, it affected about 950 million devices.

It even has its own logo.

Hundreds of millions of phones are affected.

Above is a list of vulnerable devices.

That’s Adrian Ludwig, lead engineer for Android security at Google, speaking about Stagefright at Black Hat 2015.

The bug was discovered by Joshua Drake from the Zimperium security firm. He tells FORBES magazine,

“All devices should be assumed to be vulnerable. Only Android phones below version 2.2 are not affected.”

The Attack

Uses MMS (texting.) It installs with no user interaction required, scary.

A MMS message is sent > it contains a media file > that the phone opens automatically > which releases and installs the bug > MMS is deleted > no trace of attack

Watch the attack.

What can Stagefright do?

Turn on both the camera and microphone, and secretly record video and listen to conversations.

A level deeper, and it’s view photos; read the device’s email, Facebook and WhatsApp messages; access contacts and data; or use the mobile as a jumping-off point into the victim’s cloud applications.

The Defence

Google shut down some functions, that’s why the messenger app stopped auto-loading and thumbnails reverted to static-only. Nexus devices are being updated automatically over the air.

What you can do:

1 – update your phone

2 – disable “auto-fetching in MMS” to stop the media from auto-downloading. How to here.

3 – never open a photo, video or click a link, from someone you don’t know

4 – download Zimperium’s Stagefright Detector App for Android Devices 

Further reading – Zimperium’s blog post

From Black Hat 2015

Blog tag = Black Hat

 

 

A Test: Use only Voice Recognition to Control a Car

This week I conduct an experiment:

Automakers are touting, “control the car using just Voice Recognition, so it’s hands on always!”

So for 1 week, try to drive without removing my hands from the steering wheel, ever.

Rely solely on the wheel’s buttons to operate the cabin controls, and infotainment system.

(Conclusion: can’t)

Read it online at Autonet.

Favourite line:

Regardless of how you’re operating the infotainment system, your focus and attention are still taken elsewhere. 

Test conducted in a 2015 Chrysler 200.

About pairing my phone to a car for the 1st time – here

***

Back to ‘Keri on Driving’ – Index