What is Stagefright?
“Stagefright” is the name given to a potential exploit that lives fairly deep inside the Android operating system itself. The gist is that a video sent via text message could theoretically be used as an avenue of attack through libstagefright, the library that helps Android process video files. Many text messaging apps (Google’s Hangouts app was specifically mentioned) automatically process that video so it’s ready for viewing as soon as you open the message, so the attack could theoretically happen without you even knowing it. A malicious video received via MMS can cause the libstagefright engine to execute the attacker's code, so a successful attack requires only the victim's mobile number.
How serious is Stagefright?
Zimperium Research Laboratories conducted research and found that the Stagefright exploit exposes 95% of Android devices, since it affects devices running Android 2.2 and up, especially devices prior to Jelly Bean 4.3. Again, the number of devices with the flaw in the libstagefright library is pretty huge, because it’s in the OS itself. But as Google has noted a number of times, there are other protections in place that should defend your device. Think of it as security in layers.
What makes Stagefright different from other massive vulnerabilities?
Other exploits were somewhat more manageable because they need user interaction. While they are still “exploits” in that a lot of harm can result if they are used maliciously, the fact remains that Stagefright theoretically needs only a victim’s mobile number to turn their phone into a trojan, which is why it has been given so much attention in recent days. It has become the Heartbleed of mobile, since it is widespread and it is in the OS itself. The good news is that the researcher who discovered this flaw in Stagefright does not believe that hackers out in the wild are exploiting it.
The update dilemma
In addition to the planned OS and platform updates, Google has promised monthly security updates for most of its Nexus devices. Samsung also announced that it will work with carriers and partners to implement monthly security updates. Other OEMs joining the pack include LG; Motorola, which will fix the devices the company has made since 2013; and Sony, which stated that its devices will soon receive the patches too.
The harsh truth we cannot deny is the impact Stagefright has had on the Android world, but it has been nothing but a wake-up call for Android and its problem of fragmentation and updates. It has exposed Android's weakest point: fixing a problem on many millions of devices within a given time limit. While OEMs are trying to roll out fixes, the truth is that they will be limited to recent devices, and the situation is much worse for the smaller OEMs.
From what we have seen, there is no elegant way to fix this problem; there will always be some shortcoming in the reach of fixes. Keeping track of the status of each device’s security would be a gigantic task. At the end of the day, everyone will be in the know.