Stagefright code flaw opens 95% of Android devices to hacks
MANILA, Philippines – Some 950 million Android devices – 95% of the Android devices in the world – are at risk of an attack from a multimedia text, owing to what have been described as the "worst" Android vulnerabilities to date.
Six critical vulnerabilities in Stagefright, a media playback tool in Android, leave devices running Android 2.2 Froyo and higher exposed.
On Monday, July 27, Joshua J. Drake of Zimperium zLabs explained what the company's blog post termed "the worst Android vulnerabilities discovered to date."
If an attacker knows your mobile number, they can "remotely execute code via a specially crafted media file delivered via MMS."
Zimperium added: "A fully weaponized successful attack could even delete the message before you see it. You will only see the notification. These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."
In an interview with Forbes, Drake further explained that the type of MMS application in use can also affect whether or not you even see the notification. When the exploit code was opened in Google Hangouts, it would “trigger immediately before you even look at your phone...before you even get the notification,” Drake said.
Because of this, an attacker could delete the message while you were sleeping, keeping you unaware that you had been attacked at all.
Further exploits could be chained as secondary commands following the first attack. Such chained exploits would give an attacker more access to phone functions and data.
The Stagefright vulnerability was assigned the following CVEs (Common Vulnerabilities and Exposures):
Aside from the patches applied internally to Google's code branches, it seems manufacturers of Android devices, Google included, have yet to make a patch available to users.
Drake will explain what he found in more detail at the Black Hat and Defcon security conferences happening in Las Vegas next week. – Rappler.com