Skip to main content
March 17, 2016

Today's AppSec News: New Android Vulnerabilities

In today’s news, millions of Android users may be at risk from another "Stagefright" security flaw, Islamic State hackers posted a "kill list" of Minnesota cops and an Android vulnerability could allow for “easy” root access.

New 'Metaphor' Android Virus Can Hack Samsung, LG and HTC Phones in 15 Seconds

Millions of Android users may be at risk from another "Stagefright" security flaw after researchers say they have made a working exploit that can remotely take control of a device and spy on victims in under 20 seconds.

Dubbed "Metaphor" by the Israel-based security firm NorthBit that created the exploit, it can give hackers the ability to inject malware that could copy, steal and delete data on the device, take over the smartphone's microphone and camera for spying purposes and even track a user's movements via GPS, reports The International Business Times UK.

Islamic State Hackers Publish 'Kill List' of Minnesota Cops

The hacking arm of ISIS has published a "kill list" of 26 Minnesota police officers, exposing their full names, addresses and contact details. 

"The 'wanted' list was posted to encrypted mobile messaging app Telegram following a cyberattack on Minnesota law enforcement and singles out officers as targets, website Vocativ discovered after a routine trawl of the deep web. The information of each policeman appears on the app as 'cards' with their personal information displayed over an image of armed Isis militants in the background. The intention of the list is to alert Isis supporters and members to the identities of the officers they want to 'kill' but is more likely to be a piece of propaganda intended to scare," reports the International Business Times.                                                                                                                 

Android Vulnerabilities

Trend Micro discovered vulnerabilities in the Android operating system that could allow hackers to gain root access. “According to Trend Micro, the flaws affect Android devices with Snapdragon system-on-chip (SoC) processors including the Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge,” reports SCMagazine. “The two bugs, cited as CVE-2016-0819 and CVE-2016-0805, can be used to gain root access on a Snapdragon-powered Android device.”

All it takes to exploit the vulnerability is a malicious app. Although the flaws have been addressed, fragmentation of the Android ecosystem means that hackers could still be able to take advantage of the flaws.

“Given the fragmented nature of vulnerability patching in the mobile and Internet of Things (IoT)  space, many users will not be able to receive the needed security update and may continue to be at risk of, among others things, information exposure,” said Wish Wu, mobile threat response engineer at Trend Micro, in a blog post.

Eric manages global public relations at Veracode. In this role, he manages all facets of the company’s PR efforts. He brings more than 13 years’ experience in the industry. Prior to Veracode, Eric ran public relations activities for CyberArk across the US, EMEA and APJ.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.