stagefright-hack-android

While it is true that any computer, and smartphones are computers, can be hacked, some hacks are both frighteningly easy and powerful. Although details about Stagefright won’t be presented publicly until next month’s Blackhat and DEF CON conferences, versions of have already appeared in the wild.

Do you know the name Joshua Drake? If you own an Android powered smartphone or tablet, chances are you will never forget it.

Joshua Drake works for security outfit called Zimperium zLabs and he will be demonstrating the shockingly easy and powerful Stagefright Android exploit at next month’s Blackhat and DEF CON hacker conferences.

How bad is it? Of the 1 billion Android devices currently operating in the wild, some 950 million or 95 percent are vulnerable to the Stagefright hack.

“I’ve done a lot of testing on an Ice Cream Sandwich [Android 4.x] Galaxy Nexus… where the default MMS is the messaging application Messenger,” Drake told Forbes. “That one does not trigger automatically but if you [look] at the MMS, it triggers—you don’t have to try to play the media or anything, you just have to look at it.”

Drake’s employer calls Stagefright “the worst Android vulnerability in the mobile OS history,” adding that it “much worse” than the Heartbleed exploit.

Although details about Stagefright are still sparse, in some cases, a user needn’t even look at an infected MMS message — it can infect an smartphone when Messages app is running in the background.

For what it’s worth, Google has issue incomplete patches and a second set of patches is due for release. However, as the vast majority of Android users purchase carrier specific handsets, most users won’t get the updates until weeks or months later.

Additionally, it is unlikely that Google will issue Stagefright security updates for devices running older, vulnerable versions of Android…

What’s your take?