Far be it for us to say ‘told you so’, but we are going to. At our security event this year ‘CloudBurst’, held at the very secure Tower Of London, we published our annual Threat Files, which contained our predictions for what might go the way of the pear (Pear Shaped) in the coming year.
We warned about the forthcoming weaponisation and sheer number of mobile vulnerabilities and advised you to be prepared. Mobile Mayhem we said.
And so it comes to pass. An Israeli Security Research outfit (we know, SURPRISE) called NorthBit has revealed that it has successfully exploited the StageFright vulnerability (see) and tested the warez against a broad range of Android devices, all of which rolled over and put their robot paws to the sky.
Not happy with researching this and proving it, NorthBit has published nothing less than a Ladybird guide to building your own Android exploit and even more cheekily tried to name their implementation of the exploit ‘Metaphor’. We are not sure if the Metaphor will stick, but we are certain that an excited generation of wannabe hackers will be reading the guide. You can too if you like. It is here.
Whilst we are absolutely certain that Nation States and properly serious hacking outfits have already successfully exploited StageFright, this publication opens the floodgates to idiots implementing exploits for whatever purpose and puts meeellions of Android phones at risk. With friends like these guys……
Google has released a patch for StageFright (‘libstagefright’), their core media-handling library, but unfortunately many providers do not roll out these patches automatically.
You can test your phone to see if you are vulnerable. The lovely boys and girls at techradar put this missive together which just about covers everything you need to know here.
If you allow Android devices to connect to your network, we highly recommend that you use technology to identify potentially vulnerable devices and either permanently exclude them, or move them to a very dark, very safe place where they have no access to company data.
ITC’s NetSure360° managed security service includes technology that can provide this functionality plus a lot more for all of the devices connecting to your network. We would love to demonstrate it to you. If you would like to know more, please contact us on: [email protected] or 020 7517 3900.