All it takes is one text message or an MMS to your Android phone as you sleep and hackers can access everything on your device even before you realize it.
A bizarre and dangerous bug that affects up to 95 percent of Android devices, ‘Stagefright’ was first discovered by US information security company Zimperium, which informed Google about the security flaw. In a statement, Zimperium’s Z team said, “Built on tens of gigabytes of source code from the Android Open Source Project (AOSP), the leading smartphone operating system carries a scary code in its heart. Named Stagefright, it is a media library that processes several popular media formats. … [Drake] discovered what we believe to be the worst Android vulnerabilities discovered to date …. multiple remote code execution vulnerabilities that can be exploited using various methods, the worst of which requires no user-interaction.”
The flaw was discovered by Joshua Drake from Zimperium zLabs inside the source code for AOSP, the Android Open Source Project. The issue will be presented at next week’s Black Hat security conference in Las Vegas. According to Drake, “Android and derivative devices after and including version 2.2 are vulnerable. Devices running Android versions prior to Jelly Bean (roughly 11% of devices) are at the worst risk due to inadequate exploit mitigations.”
So how does Stagefright work? If the attacker has your mobile number, they can remotely deliver code inside a specially crafted media file sent via MMS, which invokes Stagefright, the Android media library that processes it. The message could even be deleted before you see it. The receiver does not have to click on the message or do anything else for the hack to work. The mere fact that the message is delivered to your device is enough to hack your phone with a Trojan.
Google has since issued a statement saying it has patched the problem, but the patch cannot take effect until millions of phones receive a software update distributed by hardware manufacturers and mobile operators.
In its statement Google said, “We thank Joshua Drake for his contributions. The security of Android users is extremely important to us and so we responded quickly and patches have already been provided to partners that can be applied to any device. Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device. As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we’ll be releasing it in open source when the details are made public by the researcher at Black Hat.”