In today’s news, millions of Android users may be at risk from another "Stagefright" security flaw, Islamic State hackers posted a "kill list" of Minnesota cops and an Android vulnerability could allow for “easy” root access.
Millions of Android users may be at risk from another "Stagefright" security flaw after researchers say they have made a working exploit that can remotely take control of a device and spy on victims in under 20 seconds.
Dubbed "Metaphor" by the Israel-based security firm NorthBit that created the exploit, it can give hackers the ability to inject malware that could copy, steal and delete data on the device, take over the smartphone's microphone and camera for spying purposes and even track a user's movements via GPS, reports The International Business Times UK.
The hacking arm of ISIS has published a "kill list" of 26 Minnesota police officers, exposing their full names, addresses and contact details.
"The 'wanted' list was posted to encrypted mobile messaging app Telegram following a cyberattack on Minnesota law enforcement and singles out officers as targets, website Vocativ discovered after a routine trawl of the deep web. The information of each policeman appears on the app as 'cards' with their personal information displayed over an image of armed Isis militants in the background. The intention of the list is to alert Isis supporters and members to the identities of the officers they want to 'kill' but is more likely to be a piece of propaganda intended to scare," reports the International Business Times.
Trend Micro discovered vulnerabilities in the Android operating system that could allow hackers to gain root access. “According to Trend Micro, the flaws affect Android devices with Snapdragon system-on-chip (SoC) processors including the Nexus 5, Nexus 6, Nexus 6P and Samsung Galaxy Note Edge,” reports SCMagazine. “The two bugs, cited as CVE-2016-0819 and CVE-2016-0805, can be used to gain root access on a Snapdragon-powered Android device.”
All it takes to exploit the vulnerability is a malicious app. Although the flaws have been addressed, fragmentation of the Android ecosystem means that hackers could still be able to take advantage of the flaws.
“Given the fragmented nature of vulnerability patching in the mobile and Internet of Things (IoT) space, many users will not be able to receive the needed security update and may continue to be at risk of, among others things, information exposure,” said Wish Wu, mobile threat response engineer at Trend Micro, in a blog post.