Posts in "Threat Research"

Zimperium Applauds Google’s Rapid Response to Unpatched Kernel Exploit

On March 15th, Zimperium’s zIPS Mobile Threat Protection solution identified a zero-day mobile attack and its zLabs research team immediately reported the exploit to the Android Security Team. The reported attack is delivered via a publicly-available rooting application, KingRoot, using an unpatched local elevation of privilege vulnerability in the kernel reported as CVE-2015-1805. Affected devices are … Read More

Reflecting on Stagefright Patches

42.84% of Android devices tested are vulnerable to CVE-2015-3864. Although Google issued an update to the Hangout app that disabled automatic processing of media files, we know that CVE-2015-3864 can be exploited remotely and reliably via the browser. The number of Android devices is estimated to be between 1.4 and 2 billion. Scaling our statistics … Read More

Triada Gets Tripped by Zimperium’s z9 Engine

Triada, a modular, stealthy and persistent Trojan targeting Android devices, was recently seen in the wild and reported on March 3, 2016. It, like so many others that we see daily, actively uses root privileges and operates silently to take over a device. Triada is primarily propagated through malicious applications that users download/install from untrusted … Read More

Experts Found a Unicorn in the Heart of Android

By:Zuk Avraham Follow Zuk Avraham (@ihackbanme)Joshua Drake Follow Joshua Drake (@jduck)Nikias Bassen Follow Nikias Bassen (@pimskeks) UPDATE: Zimperium’s Mobile Threat Protection customers are safe from this threat, even without updating the device to the latest Android version. Companies that have reasons to believe that they are under active Stagefright attacks, should contact us ASAP at stagefright-urgent@zimperium.com Zimperium … Read More

What Verizon Missed in the Latest Threat Report

By: Zuk Avraham, Joshua Drake, Yaniv Karta, Jimmy Shah (To download the detailed report, click here) Recently, Verizon published a report that says that malware on mobile is not an issue. We strongly suggest Verizon and other enterprises not underestimate the scale of one percent. The sheer number of mobile devices deployed mean that one … Read More