Zimperium the mobile security firm that first detected Stagefright, a major Android vulnerability that allows hackers to take over your smartphone,announced Wednesday that every developer out there an now have a look at the attack code used in the hacks.
Nevertheless, the problem is far from over since Google, device manufacturers, and mobile carriers struggle to issue patches for hundreds of millions of customers worldwide. A recent report showed that nearly 1 billion Android devices were at risk of being hijacked through the said vulnerability.
The vulnerability is hidden within the core of Android in a media file called libstagefright. If hackers manage to get their hands on the file and and use the Stagefright attack code to tweak it they can run malicious programs on the hacked smartphone and even gain control of it. And, there’s no easy way to fix it.
The flaw in the security was first reported by Zimperium in April, but it was first made public in mid-summer. In the meantime, Google developers worked day and night to find the most suitable solutions and providing them to their partners.
In late July, Android users were recommended not to run video MMSs from anonymous senders. They were also encouraged to disable any preview mode, autoplay, and the Google Hangouts feature for SMS. Some users went even farther and disabled auto download for MMS, as well.
In the meanwhile, Zimperium released and app that can scan your device and report back whether it is infected and whether the headseat was patched against the security flaw or not – the Stagefright Detector App.
Google issued a patch for Nexus deices in early August, but any other Android-powered smartphones are still at risk, including Samsung’s Galaxy S6 and Galaxy S6 Edge. Security experts cautioned not to open video attachments from anonymous senders and to disable the “Auto Retrieve MMS” option in Google’s Hangouts because the feature automatically runs the video and infects your phone.
But unlike Apple, Android market is too fragmented for a quick response in such emergency situations. Apple usually releases patches that all iPhone users can access. In Android’s case, manufacturers need to take patches from Google and distribute them to their consumers. But that takes time and raises compatibility issues.
This is way, patches that promised to fix Hangouts and Messenger’s automatic processing of video MMS were only a partial solution because they closed the main door hackers could use to hijack a phone but they let other tiny portals open including malicious programs that a user can get while accessing an infected webpage.
Image Source: Wikimedia