Skip to main content

Stagefright: The Show Must Go On

July 29, 2015

Back in April, Joshua Drake at Zimperium zLabs discovered that Android carries one of the biggest flaws ever found in Google’s mobile operating system. The flaw is within Stagefright, an over-permissioned media processing mechanism that will automatically pre-load various media types received by the device. In this case, the user receives a malicious video or picture via MMS (text message) that Stagefright will process without any interaction by the user. The malware that is loaded onto the device can then delete the original infecting MMS message, except the notification, which is typically dismissed by the user.

The flaw is found in all versions of Android back to 2.2, which has put nearly one billion devices at risk, but the level of risk can vary as certain devices provide Stagefright system level access. Once the exploit is complete, the malware can access the user’s saved media files (or worse, on certain devices), and can also enable the microphone and camera without the user’s knowledge.

Zimperium has already sent patches to Google, which is currently working on a mass deployment plan. However, if a device is more than two years old, it is not likely to receive a patch. End users are encouraged to contact their device manufacturer and/or cellular carrier to confirm if their device will receive an update. This threat has put yet another bright spotlight on the emerging threats to mobile devices that are not deemed “compromised” in the traditional sense of being jailbroken or rooted. Every organization should treat their fleet of mobile devices as vulnerable endpoints, and should deploy them with a solution that can detect new, advanced threats.

Related Blogs

March 14, 2018

Observations on Smoke Tests – Part 1

Smoke testing in the traditional definition is most often used to assess the functionality of key software features to determine if they work or perfo...

See Details

January 31, 2014

SDN APIs: A New Vocabulary for Network Engineers

Whiteboards and slides have been instrumental for networking discussions for a long time! Color-coding markers and those fancy “glass whiteboards” are...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

May 09, 2018

Application Security

Learn how Optiv can help protect your most critical enterprise applications from both internal and external threats.

See Details

February 22, 2016

Uncovering Hidden Vulnerabilities Through Pen Testing

Creating a secure environment and a strategy for the future.

See Details

May 05, 2011

Mobile Security Universal Issues | Optiv

It seems everywhere I go I’m having interesting conversations with senior level government officials regarding mobile security.  A lot of these conver...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.