Android

Meet 'Stagefright', the worst Android vulnerability in mobile OS history

Mihai A.
posted by Mihai A.
Jul 27, 2015, 12:35 PM
Meet 'Stagefright', the worst Android vulnerability in mobile OS history
A team of mobile security researchers claims that about 950 million Android smartphones and tablets across the globe are subject to a critical vulnerability. According to their report, attackers can use this vulnerability, nicknamed Stagefright after the source of the issue, to take control of your device through a malicious MMS.

The vulnerability seems to be caused by insecure code contained within Stagefright, which has been Android's multimedia library since Android 2.2 FroYo came out in May 2010. Since Stagefright has been used for so many Android versions, the researchers claim that 95% of all Android devices currently out there manifest this vulnerability, but devices running pre-Jelly Bean versions of Android, or about 15% of active Android devices, are the most vulnerable. The researchers who have discovered the vulnerability claim that 'Stagefright' is "the worst Android vulnerabilities [sic] discovered to date".

According to researchers at Zimperium Mobile Security, attackers can get an Android device to execute code remotely by sending an MMS which the Android system believes to contain a video. In some of the most vulnerable scenarios (devices running pre-Jellybean Android versions), the user doesn't even have to open the MMS for the hack to work, and skilled attackers could also remove the MMS once the damage has been done. 

In other words, you can go to bed one night, and when you wake up, all you'll notice is a notification for an unread multimedia message that has been deleted in the meantime. Without you knowing it, an attacker could have gained access to the cameras, the microphone, and other sensitive data. Fortunately, due to the way Android sandboxes apps, the vulnerability doesn't expose all of your data, but still a lot of damage could come from such an exploit. 

Zimperium did not share all the details regarding Android's Stagefright vulnerability, but the team of researchers promised to discuss the bug in detail at the Black Hat USA conference on August 5 and at DEF CON 23 on August 7. The researchers did leave us with one glimmer of hope, claiming that there's no evidence of the vulnerability being exploited by anyone thus far.

According to Zimperium, Google was quick to come up with a patch for the vulnerability once informed of the vulnerable code's existence. But as it is often the case, Google is left helpless with deploying the patch to vulnerable devices. With the exception of Nexus and Google Play Edition devices, Google is not able to launch patches directly. Device manufacturers and carriers are the ones in charge with rolling out software updates, and experience tells us that some companies can take quite a bit of time to launch patches even for the most significant of vulnerabilities.

Hopefully, Android device manufacturers and carriers will recognize the severity of this vulnerability and will hurry to launch the patch for the new Stagefright bug/hack/exploit.

source: Zimperium via TheVerge

FEATURED VIDEO

Featured stories

Sony Xperia 1 II 5G release date confirmed, pre-order one for $1,200
Sony Xperia 1 II 5G release date confirmed, pre-order one for $1,200
Leaked Samsung Galaxy Note 20+ 5G renders reveal sleek design, updated camera bump
Leaked Samsung Galaxy Note 20+ 5G renders reveal sleek design, updated camera bump
Newest iPhone 12/Pro 5G leak details upgraded OLED displays
Newest iPhone 12/Pro 5G leak details upgraded OLED displays
Here's when the Google Pixel 4a will reportedly be announced & released
Here's when the Google Pixel 4a will reportedly be announced & released
The best iPhone to buy in 2020: from $399 to $1449!
The best iPhone to buy in 2020: from $399 to $1449!
Leaked photos allegedly show "rough" Samsung Galaxy Note20 CAD renders
Leaked photos allegedly show "rough" Samsung Galaxy Note20 CAD renders
OnePlus 8 Pro vs OnePlus 8
OnePlus 8 Pro vs OnePlus 8
iPhone gadgets - the cool, the weird and the silly
iPhone gadgets - the cool, the weird and the silly

Popular stories

Verizon is in hot water over its misleading 5G commercials following AT&T complaint
Verizon is in hot water over its misleading 5G commercials following AT&T complaint
T-Mobile explains the changes that you'll see at its reopened stores
T-Mobile explains the changes that you'll see at its reopened stores
Leaked Samsung Galaxy Note 20+ 5G renders reveal sleek design, updated camera bump
Leaked Samsung Galaxy Note 20+ 5G renders reveal sleek design, updated camera bump
Newest iPhone 12/Pro 5G leak details upgraded OLED displays
Newest iPhone 12/Pro 5G leak details upgraded OLED displays
Unlocked Sony Xperia 1 II with 5G support goes up for pre-order in the US at an exorbitant price
Unlocked Sony Xperia 1 II with 5G support goes up for pre-order in the US at an exorbitant price
Latest LG Poland TikTok involves pervert promoting Dual Screen accessory
Latest LG Poland TikTok involves pervert promoting Dual Screen accessory

Hot phones

Latest Stories

View more news
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless