Security researchers recently discovered a severe vulnerability that lets hackers take over your smartphone with nothing more than a simple image, through ExifInterface.
Yes, it means that hackers can now remotely hack any Android device with the help of a single image.
Hackers Can Use A Single Image To Remotely Hack your Android Device
Owners of Android devices should be on alert: an image that looks innocent at first glance, received through a social network or messenger, may compromise the privacy and security of your smartphone. On Tuesday, 6th September 2016, Google released its planned updates for Android, including a fix for the “Quadrooter” vulnerability. However, on September 1st, the company corrected a previously unknown critical vulnerability, which was discovered by Tim Strazzere, an information security expert from SentinelOne.
The vulnerability is reminiscent of the notorious Stagefright, which allowed an Android-powered device to be hacked with a simple text message that the user might not even be aware of receiving. Now, to carry out the attack, the attacker only needs to send a malicious picture. The user does not even need to click on it: as soon as the phone analyzes the image data, the attacker can remotely and quietly gain control over the infected device.
Vulnerability CVE-2016-3862 is caused by an error in the processing of EXIF data in the Mediaserver application. Exploiting the vulnerability does not require much user engagement: it is enough for an application to load the image in a certain way. Triggering it is as simple as receiving a message or email from someone. Once the application receives the image, it starts analyzing it, and this happens automatically.
“Since the bug is triggered without much user interaction – an application only needs to load an image a specific way – triggering the bug is as simple as receiving a message or email from someone. However, once that application attempts to parse the image (which was done automatically), the crash is triggered,” Tim Strazzere said.
According to the researchers, an attacker can embed a simple exploit for the vulnerability in an image and send it to hack the victim’s device.
Tim Strazzere wrote an exploit for vulnerable devices and, as it turned out, it works against Gchat, Gmail, and most popular instant messengers and social network applications. Additionally, the vulnerability affects all devices running Android versions from 4.4.4 KitKat to 6.0.1 Marshmallow.
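Because the bug is reached through automatic EXIF parsing, a service that relays user images can drop EXIF metadata before delivery so that attacker-controlled EXIF data never reaches a recipient's parser. The following is an added example, not code from the article, from Google's patch or from the researcher; it assumes JPEG input, the function and sample names are hypothetical, and the sample bytes are constructed.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
NO_LENGTH = {0x00, 0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

class MalformedJpeg(ValueError):
    """Segment structure is inconsistent; reject the file instead of relaying it."""

def strip_exif(data: bytes) -> bytes:
    """Return the JPEG with every APP1/Exif segment removed.

    Only segment headers are read; the EXIF payload itself is never parsed.
    """
    if data[:2] != b"\xff\xd8":
        raise MalformedJpeg("missing SOI marker")
    out = bytearray(data[:2])
    pos = 2
    while True:
        if pos + 4 > len(data):
            raise MalformedJpeg("truncated segment header")
        if data[pos] != 0xFF:
            raise MalformedJpeg(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte in front of a marker
            pos += 1
            continue
        if marker in NO_LENGTH:
            raise MalformedJpeg("unexpected marker before start of scan")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise MalformedJpeg("segment length out of bounds")
        if marker == 0xDA:  # start of scan: copy the image data unchanged
            out += data[pos:]
            return bytes(out)
        is_exif = marker == 0xE1 and data[pos + 4:end].startswith(EXIF_MAGIC)
        if not is_exif:
            out += data[pos:end]
        pos = end

def segment(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment (used only for the constructed sample)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: header segments only, not a decodable picture.
SAMPLE = (b"\xff\xd8"
          + segment(0xE0, b"JFIF\x00" + bytes(9))
          + segment(0xE1, EXIF_MAGIC + b"MM\x00\x2a" + bytes(4))
          + segment(0xDA, bytes(10))
          + b"\x12\x34\xff\xd9")
```

Stripping at the relay reduces exposure for images that pass through it; devices still need the Android update that corrects the vulnerability.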