It’s been exactly one year since Joshua J. Drake, our zLabs VP of Platform Research and Exploitation, disclosed Stagefright — one of the worst Android vulnerabilities to date. Stagefright impacted nearly 1 billion Android devices total, and up to 850 million devices remain vulnerable as of March 2016. Stagefright gives […]
On March 15th, Zimperium’s zIPS Mobile Threat Protection solution identified a zero-day mobile attack and its zLabs research team immediately reported the exploit to the Android Security Team. The reported attack is delivered via a publicly-available rooting application, KingRoot, using an unpatched local elevation of privilege vulnerability in the kernel reported […]
42.84% of Android devices tested are vulnerable to CVE-2015-3864. Although Google issued an update to the Hangout app that disabled automatic processing of media files, we know that CVE-2015-3864 can be exploited remotely and reliably via the browser. The number of Android devices is estimated to be between 1.4 and […]
Triada, a modular, stealthy and persistent Trojan targeting Android devices, was recently seen in the wild and reported on March 3, 2016. It, like so many others that we see daily, actively uses root privileges and operates silently to take over a device. Triada is primarily propagated through malicious applications […]
By:Zuk Avraham Follow Zuk Avraham (@ihackbanme)Joshua Drake Follow Joshua Drake (@jduck)Nikias Bassen Follow Nikias Bassen (@pimskeks) UPDATE: Zimperium’s Mobile Threat Protection customers are safe from this threat, even without updating the device to the latest Android version. Companies that have reasons to believe that they are under active Stagefright attacks, should contact […]
By: Zuk Avraham, Joshua Drake, Yaniv Karta, Jimmy Shah (To download the detailed report, click here) Recently, Verizon published a report that says that malware on mobile is not an issue. We strongly suggest Verizon and other enterprises not underestimate the scale of one percent. The sheer number of mobile […]
By: Esteban Pellegrino, Zuk Avraham, Patrick Murray and Rachel Ackerly. Zimperium Mobile Security Labs have investigated during the last year a dangerous type of attack technique in the wild being exploited by attackers. Aptly named “DoubleDirect,” this attack is a type of “Man-in-the-Middle” attack (MITM) enabling an attacker to redirect […]
As 2014 inches to an end, Zimperium Mobile Security Labs researchers are actively preparing to stay one step ahead of attackers in the ever changing mobile security threat landscape. Due to the growing mobile device market, and the recent wave of attacks like Shellshock, Poodle, WireLurker and DoubleDirect, the Zimperium […]
Today we had the opportunity to see the engine of zIPS our Mobile IPS in action on a newly published vulnerability. As a reminder, we prefer complex problems, hence security on mobile devices is where we can think of out of the box ideas to solve security problems while […]
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox