Sections

ideals
Business Essentials for Professionals

Stagefright exploit can compromise your android smartphone in 20 seconds


03/21/2016

A must read for Android Smartphone users. Knowledge is power.



The Android operating system has a vulnerability that you really need to be aware of so that you can protect yourself. Although theoretically lethal, its tedious elaborate to implement in a reliable manner.
 
A proof of concept exploit of the Stagefright vulnerability has been developed by NorthBit, a computer security research firm, that can compromise any Android phone running that isn’t running Android 6.0 Marshmallow.
 
The key to a successful attack is the back-and-forth procedure that initially scans the target and then goes for the attack. When you first visit a website containing a maliciously designed MPEG-4 video, the vulnerability will crash Android’s media server and send back the specifications of the target’s hardware back to the sender. The attackers then sends another MPEG-4 file that collects additional data. The third video file compromises the victim’s smartphone.
 
Although it sounds like many steps, in the real world, an attack can happen in as little as 20 seconds.
 
Although the vulnerability is most affective on smartphones running stock Android such as Nexus 5, for instance, it is known to work against custom ROMs such as those found in LG G3, HTC One, and Samsung Galaxy S5.

The only way you are safe is if you are running Androind 6.0 Marshmallow or any other operating system that has been patched against Stagefright.

The scary bit is that very few people are on the Marshmallow boat, most users are running Lollipop or earlier versions. As a rule of thumb if you have a relatively new device, your smartphone could be safe, however if it is more than five years old, it is definitely at risk.

Google has responded to the issue saying all users who have the October 1st, 2015 security update installed are safe from Stagefright.
 
The Google’s security bulletin states, "Android devices with a security patch level of October 1, 2015 or greater are protected because of a fix we released for this issue (CVE-2015-3864) last year. As always, we appreciate the security community's research efforts as they help further secure the Android ecosystem for everyone."