A security research company (Zimperium) claims to have found a vulnerability baked into Androids that could endanger nearly all devices running the popular mobile software. The bug is able to infect phones without users actually opening anything themselves.
Even before you open a message, the phone automatically processes incoming media files — including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it’s received. a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera. This is likely the biggest smartphone flaw ever discovered. It affects an estimated 950 million phones worldwide — about 95% of the Androids in use today.
Zimperium said it warned Google about the flaw on April 9 and even provided a fix. But it’s been 109 days, and a fix still isn’t largely available. That’s why Zimperium is now going public with the news. Google’s cooked up a fix, but someone else has to serve it to you. Several entities stand in between Google and its users, and they routinely slow down the release of new software. There’s phone carriers — like AT&T and Verizon — and makers of physical devices — like Samsung — all of which need to work together to issue software updates.
According to Zimperium’s blog, it will show exactly how Stagefright works and can be exploited at the Black Hat hacker conference in Las Vegas, which starts August 1.
sources: cnn.com; cnet.com; huffingtonpost.com