95% of Android Devices Were Affected: Trend Micro

95% of Android Devices Were Affected: Trend Micro

The interconnectivity of technology has led to a point where many devices are potentially vulnerable, and in the third quarter, the real world impacts of cyberattacks became clear. The Stagefright vulnerability affected nearly 95% of all Android devices out there. In total, five different vulnerabilities in media processing in Android were attacked this quarter.

Stagefright22 (CVE-2015-3824), which allows attackers to install malware on affected devices by distributing malicious Multimedia Messaging Service (MMS) messages, reportedly put 94.1% of Android devices (as of this July) at risk. We also found a bug that could render Android phones silent and unable to make calls or send text messages23. Reports said more than 50% of Android devices (as of this July) were vulnerable to this flaw. Another critical Mediaserver vulnerability (CVE-2015-3823)25, which could cause devices to endlessly reboot and allow attackers to remotely run arbitrary code, was also found.

At that time, 89% of Android devices were susceptible to exploitation. CVE-2015-3842, which could allow remote code execution in Mediaserver’s AudioEffect component, also figured in the landscape thisAugust26.

In response to the recent spate of Android vulnerability discoveries, Google finally announced regular security updates for the platform. We have yet to see how the platform’s current state of fragmentation will affect this plan. Security patches may not be able make their way to all devices without the support of manufacturers and carriers, rendering them vulnerable to exploitation. Android’s Mediaserver component, which handles media-related tasks, recently became and is likely to remain an active attack target. This past quarter alone, we’ve seen attackers exploit at least five vulnerabilities in the service.

Related Stories

No stories found.
logo
DIGITAL TERMINAL
digitalterminal.in