News
News Categories

Own an Android device? You're probably vulnerable to the Stagefright hack

By Salehuddin Bin Husin - on 28 Jul 2015, 12:09pm

Own an Android device? You're probably vulnerable to the Stagefright hack

 Threepio says it best.

Stagefright, it seems no longer applies to performers or public speakers. Android users are feeling the fear too. A recent exploit for the OS has recently been brought to light and it's stated to be even more devastating than last year's Heartbleed.

All a hacker needs to do to gain access to your phone is simply to MMS it. That's it. Depending on your MMS client, you don't even need to open the MMS to be affected.

Zimperium Labs discovered and reported the bugs to Google earlier in the year and while Google has sent out patches to its partners, it's unknown how many of them have actually rolled out patches for the vulnerability.

Stagefright is a media playback engine embedded in the Android OS itself, which means you can't just remove it like any normal app. While the Stagefright exploit isn't devastating by itself, once executed, it opens up the hacked Android device for the hacker, who can then run even more malicious hacks that open up access to even more parts of the hacked device. Stagefright is basically the first step to a world of hurt.

In a statement to Forbes, a Google spokesperson has said that, “Most Android devices, including all newer devices, have multiple technologies that are designed to make exploitation more difficult. Android devices also include an application sandbox designed to protect user data and other applications on the device,”

While newer Android devices have additional protection and make the exploits harder to execute, they still aren't totally safe and those running Android versions prior 4.1 are particularly vulnerable to the exploit. Older phones like the Samsung Galaxy S4 and the LG Optimus Elite are especially vulnerable too, as the exploitable processes run with system level privileges, which means once you're hacked, the hacker has total access to your device.

Even if you're not on Android 4.1, the exploit can still affect you and there's really nothing you can do about it except wait for a patch from your device's manufacturer.

While most of the news is all doom and gloom, there are some bits of good news. Mozilla's Firefox, which also uses Stagefright, has patched out the vulnerabilities. Also, Android users below Android version 2.2 aren't affected.

Let the wailing and gnashing of teeth begin.

Source: Forbes

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.