Call it the digital sword of Damocles: Like some torturous situation out of an Edgar Allan Poe story, the entire world’s population of Android users is currently waiting with bated breath for Joshua Drake (Jduck) to release his claimed super exploit for Android. The famous security researcher claims his exploit can take advantage of 95% of all Android devices.
The actual exploit has yet to arrive, as it will be released formally at the Black Hat security conference in Las Vegas this coming week. It’s such a big deal that Jduck and Zimperium Labs (his security company) are hosting an exploit release party at the event. I’ve been in the security industry for almost 20 years now, and I have never heard of an exploit release party.
The core of the supposed exploit comes from libstagefright: a library in Android that handles the rendering of moving images. Because this library contains exploitable code, Jduck has crafted an SMS message with a picture attached. Send that picture to someone, and even if they don’t look at the image, their phone is compromised with arbitrary code execution.
That’s a major downer for the Android community, and hopefully it won’t last long: an update to the included library could patch the arbitrary code execution exploit. But then, if we were all using the same phone, we could easily patch, right? Instead, we’re all using 10,000 different devices, and they’ll all require their own patch from the manufacturer.
In the somewhat less doom-and-gloom news category, Android Developer Conference will also be hosting some quality talks on the Android ecosystem. Keynote speaker Aparna Chennapragada, product director at Google, will be discussing the future of search and apps on Android tomorrow.
Additional keynotes will be given by Qualcomm and Intel. Qualcomm will be discussing the benefits of using its Android development boards for prototyping, while Intel will be discussing the advantages of Android on Intel.
Android Developer Conference kicks off today and runs through Friday.
Jul 29, 2015 12:06:38 PM