Serious Android Exploit “Stagefright” Threatens 95% of all Android Phones
An exploit has been discovered that threatens over 95% of Android phones in existence. Unpatched phones can be attacked simply by sending a multimedia message. The attacks happen silently so that the user has no chance to save their data or know that their phone has been infected. It’s called Stagefright because it exploits Stagefright, a multimedia tool used by Android developers everywhere. The exploit was discovered by Joshua Drake, a mobile security researcher.
The exploit allows the attacker access to almost anything on the phone, and could also allow them to install software that could watch for things like credit card numbers.
Perhaps most ominous about this exploit is that the attacker can also erase all traces of himself by deleting the original message that was used to infect the phone. This can make it pretty difficult for anyone to learn anything about the attacks being conducted. Assuming that most of the attackers are going to be doing it with financial incentive, to steal identities, the hackers are likely to be careful not to damage the phone or make it obvious that there is something wrong.
Thus everyone should be advised to update their Android phones with the latest security patches. According to Drake, Google said they had issued patches for this vulnerability on May 8th. Many phones will still be vulnerable, however, since it is up to the vendor of the smartphone to ensure that it is updated. The Android smartphone market is overwhelmingly fractured, with numerous makes and models, and so it can be assumed that a fair chunk of these phones will remain vulnerable for a long time to the Stagefright exploit.
Images from Bloomua / Shutterstock.