Connect with us

Hacking

How to Avoid the Stagefright Vulnerability in Android

Published

on

Android phones occupy the biggest share of cell phones in the market. At around 80%, Android devices are the most widely used phones worldwide. However, Android is susceptible to an appalling vulnerability that could cause serious damage to a user’s data as well as his device.

There is a minor but albeit dangerous glitch in the Android system installed on all Android devices, which grants attackers and hackers an easy passage into a user’s device. This small yet utterly dangerous vulnerability is called Stagefright.

What is Stagefright?

Stagefright is a component in Android devices which is used in multimedia handling. The component is granted system permissions in most Android running devices, which is only one level below root access. This fact alone is enough to open peoples’ eyes about the dangerous threat of Stagefright on Android devices.

All it requires is a little exploitation on the attacker’s behalf, and the user’s Android device is left hanging in the balance. The most astounding fact about the reality of Stagefright’s seriousness is the simplicity and effortlessness of the method to exploit it.

How does a Stagefright Attack Works?

Stagefright component of Android devices is generally exploited via MMS or multimedia messages. 95% of Android devices download incoming multimedia messages automatically in the user’s inbox without prompting him or her for the download. Upon downloading of the multimedia, all it takes for the attack to take effect is that the user opens the message. It is that simple to exploit the vulnerability.

What’s more is that there are other, equally simple, ways to go about triggering Stagefright attacks in Android devices. The fact that Stagefright is a multimedia handling component makes even web pages, that have multimedia looking to exploit Stagefright, viable entry points into the user’s device. If the user simply visits the web page that has that particular multimedia file, it’s game over.

How to Avoid Stagefright Vulnerability in Android

Although it is really simple to trigger a Stagefright attack, there are no fool-proof strategies to guard your device against it. Nevertheless, there are a couple of methods which can help you with defending yourself to a certain degree. They are:

  1. Disable the auto-download multimedia option in your device to ensure that multimedia messages containing Stagefright isn’t downloaded to your device automatically. It is also smart to check the receipt of all multimedia messages. You never know if a friend’s phone has been compromised by Stagefright.
  1. Developers could come up with a security patch to tackle this problem. Although this seems a straightforward and long-term solution, it is hardly so. Google Play Store does not host or allow anti-virus applications to run with system permissions. Coming up with an app or security patch that could help prevent Stagefright would mean revamping the policies and structure of the Google Play Store. Although this has been done on some occasions for necessary security patches, it just might prove to be too much work. There are reports, however, that high-end devices can expect a security patch release for Stagefright soon.

Conclusion: What can you do?

Stagefright is a really dangerous threat to all Android devices. The first thing you need to do is to be aware of the threat. The two ways discussed above can help you in preventing your device from Stagefright to a certain extent. There are applications which can test whether your device is at risk of Stagefright. You can simply run the tests and then decide whether to go for the methods discussed above.

Image from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a master degree, now he combines his passions for writing about internet security and technology. When he is not working, he loves traveling and playing games.




Feedback or Requests?

Altcoins

Ledger Making Major Announcement On January 7 as the Case for Cold Storage Grows

Published

on

2017 was a breakthrough year for cryptocurrencies.  Many traders were able to generate incredible, life-changing profits.  And while not everyone was able to maintain those profits, the excitement led many to seek out the safest ways to protect their assets.  Even now, after experiencing a massive drop in crypto valuations, asset protection is still a major issue.  This is especially true given all the wallet and exchange hacks that have occurred during the past 12 months.  A few of the most notable hacks that have occurred are:

  • Coincheck – January 2018 – $530 million loss
  • BitGrail – February 2018 – $195 million loss
  • Bithumb – June 2018 – $31 million loss

These are just a few examples of significant losses that have crypto traders have suffered.  A report from blockchain security firm, CipherTrace, estimated that hackers stole $927 million from cryptocurrency related platforms during the first nine months in 2018.  Although the lack of regulation is normally cited as a benefit by cryptocurrency proponents, it also creates major security concerns for those with valuable crypto portfolios.  So, what’s the best way for traders to protect themselves?  Cold storage.

What is Cold Storage?

The one place that traders should not keep their assets is direct on the exchanges.  Given all the exchange hack attacks, especially the ones cited in this article, a better option is available.  Cold storage means keeping digital assets offline (i.e. away from internet access).  By storing assets offline, the assets are significantly less susceptible to being hacked and/or stolen.

While there are several cold storage options available, the two most popular are the Ledger Nano S and the Trezor.  Although the Trezor hardware wallet was designed by the highly respected SatoshiLabs, the Ledger Nano S has emerged as the most popular.

Ledger Nano S

The Ledger Nano S is the most widely used multi-currency hardware wallet in the cryptoverse.  It’s the only hardware wallet that features a secure chip with a custom operating system.  While many other hardware wallets do contain a “simple chip,” the Ledger Nano comes with a “smartcard chip.”  This smartcard chip is used for applications that require extreme measures of security such as passport biometric data and credit card details.

Since its inception in 2014, the company has grown by leaps and bounds.  The Ledger Nano now supports over 1,100 currencies thanks to its compatibility with other mainstream wallets such as MyEtherWallet and MyCrypto.

Major Announcement on January 7

Ledger is known for being on the cutting edge of blockchain and crypto security.  Therefore, many expect the announcement this coming Monday to be a big deal.

While it’s not yet clear what the announcement is regarding, many are speculating on the possibility of a new and improved Ledger device.  Perhaps one that comes with additional storage capacity and an enhanced screen.  A few reddit posters even mentioned the possibility of fingerprint authentication which, would be quite interesting.

Another hint that an improved device is coming is the fact that Ledger is currently offering a 30% discount on Ledger Nano S wallets.

Conclusion

I’m not sure yet what the announcement will be but I’m certainly eager to find out given that I’m a huge fan of their products.  While the Ledger Nano S is my go-to cold storage wallet, it isn’t perfect.  There are things I would love to see improved and fingers are crossed that Monday will be when that happens.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.8 stars on average, based on 24 rated posts




Feedback or Requests?

Continue Reading

Cybersecurity

DarkOverlord Hacker Group Demands Bitcoin Ransom or 9/11 ‘Truth’ Will be Revealed

Published

on

The hacker group known collectively as thedarkoverlord has revealed itself to be in possession of highly sensitive stolen documents pertaining to the truth surrounding the events of September 11th, 2001.

The group hacked the private databanks of global insurance firms such as Lloyds of London and Hiscox Syndicates Ltd, and have demanded an unspecified sum in Bitcoin in return for not making the files public.

TheDarkOverlord

The hacker group have a long and ‘successful’ history of high-profile attacks against various corporate entities. Not all have been benevolent, such as the attack on a medical center which acquired sensitive patient data and then demanded payment for its removal from public view.

In 2017 the group hacked Netflix servers and stole an entire new season of Orange Is The New Black, which was then posted online before its release date.

The current batch of documents arrived as a result of a previous blackmail effort against insurance group Hiscox Syndicates Ltd. After Hiscox paid the hacker group to keep sensitive documents quiet, the insurance firm reneged on their part of the deal and got the authorities involved.

This made thedarkoverlord re-double their efforts against the firm, and now threaten to sell everything they have to the highest bidders. This is all according to a pastebin post by the group which details, and brags about, recent events.

9/11 Truth

According to the post, the majority of the documents are files which were supposed to be routinely deleted by insurance firms after their inspection. These files were not deleted, however, and the group have already released photographs of internal documents from the period directly following 9/11.

“What we’ll be releasing is the truth. The truth about one of the most recognisable incidents in recent history and one which is shrouded in mystery with little transparency and not many answers.”

The treasure trove of documents, which number 18,000 and are currently posted publicly but heavily encrypted, also draw from the internal communications at Silverstein Properties – the owners of the World Trade Center real estate.

The group’s motives are not easily ascribed, as evidenced by this statement welcoming bids from anyone and everyone, including terrorist groups:

“If you’re a terrorist organisation such as ISIS/ISIL, Al-Qaeda, or a competing nation state of the USA such as China or Russia, you’re welcome to purchase our trove of documents.”

The Pursuit of Internet Money

The group claim that they have no political motivations whatsoever, and do what they do purely in the pursuit of…

“…Internet money. (Bitcoin)…”

Details on how to access the files are posted in the pastebin document. Individuals who think they might be associated with the documents are also offered the chance to pay in BTC to have their names redacted before release.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 147 rated postsGreg Thomson is a full-time crypto writer and digital nomad. He eats ICOs for breakfast and bleeds altcoins. Wherever he lays his public key is his home.




Feedback or Requests?

Continue Reading

Altcoins

EOS Price Forecast: EOS/USD Heading for Another 300% Move?

Published

on

  • EOS/USD price action via the 4-hour chart view has formed a bullish flag pattern.
  • The price is moving around levels seen back end of March to early April, before a bull run of over 300%.

The past six sessions for EOS/USD have been erratic to say the least. It has been subject to a high amount of volatility, swinging aggressively in both directions. There has been a lack of commitment from either the bear or bull camps of late. As the market continues to trade with such behavior, it appears to be trying to find its feet, ahead of a potential chunky firm trend.

EOS DApp Hacked Again

An EOS based gambling DApp, EOSBet has been hacked, with $338,000 being reported as stolen. This isn’t the first time; just back in September, hackers managed to get away with a reported 40,000 worth of EOS, which at the time had a value of $200,000. It has been said that they were able to exploit their smart contracts, having found security vulnerabilities.

Technical Review – 4-hour Chart View

EOS/USD 4-hour chart

EOS/USD price action has formed a bullish flag pattern, which began taking shape on 15th October, after the aggressive price behavior stabilized. The bulls at the time ran the price well up into $6 territory. Consequently, it then met the breached ascending trend line, failing to move back above this area. This followed the sharp breakthrough to the downside, which occurred on 11th October. As a result, a drop of over 15% was seen, forcing EOS/USD to retreat in a demand area, within the $5.0000 level proximity.

Looking to the upside, small near-term resistance is seen at around $5.6100, which is the upper trend line of the mentioned bull flag pattern. A breakout will likely open the doors to a retest of the broken ascending trend line, tracking around $6.1100. Support can be eyed at $5.4600, which marks the lower trend line of the flag. Furthermore, should this fail to hold, EOS/USD could likely fall back down to the serving demand area, within the lower $5.0000 territory.

April 2018 Bull Run

EOS/USD April bull run

In April of this year EOS/USD entered a chunky bull run, gaining over 300%. From the back end of March until 11th April, the price had been stuck within consolidation mode. Resulting in the price trading within a tight range, at levels of where the price is currently seen today.

Something quite astonishing started to unfold. Between the period of 11th April to the 29th April, a bull run of around 290% was seen. Over this time frame EOS/USD went from $5.9500 up to a high of around $23.0811. The price is currently demonstrating a similar behavior to that of what was seen during the mentioned period. It is interesting to note that the price did have historical levels to break through, as it had already run higher during the period of December 2017 and came back down. Finally, this is not to say EOS/USD will observe the same bull run. However, it is an interesting observation to be aware of.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.6 stars on average, based on 126 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending