Stagefright is the term for a vulnerability that can affect 95% of all Android smartphones on the market (an estimated 900 million plus number). Joshua Drake from Zimperium Mobile Security states that this newest vulnerability that has been discovered for Android phones is the most severe yet. The vulnerability was found in the Stagefright native media playback tool found on those devices. Since this comes already programed on your Android before you receive it, you may not be aware that this is the program that is being used for video playback.
A hacker would send you a text on your mobile device. Normally you would have to click on a link to open a phishing text but in this case it will download without your interaction. Because the hackers can delete the bad text before you see it, you may not even know that you’re were infected. The bad guys can now steel your data from sections of your phone that Stagefright has access to. They will now have access to see such items like e-mail, audio and video recordings, your photos, and other info that may be stored on your SD card.
This hack is so nasty that they can send the exploit package to your “google hangout” account and you can be infected without even clicking on a link. The bad guys can also delete the message so you would never know you were at risk. The total irony is that researcher have found that no one really seemed to have used this exploit.
Google was made aware of this exploit and said that they sent the patch out May 8th 2015 to deal with this issue. Carriers like Verizon and others states that they implemented the patch May 15 th of this year, this does not mean that the end user has necessarily received the update, but it should not keep you up at night worrying about it. Just make sure your phone has the latest operating system on it.
F1 Solutions
Security Team