Threat of the month: Stagefright

Stagefright

What is it?  

An atomic bomb in the world of vulnerabilities, Stagefright is a flaw deep in the libstagefright library, which enables the Android OS to process video files. The bug resides on hundreds of millions of phones. 

How does it work? 

The attacker sends multimedia messaging service (MMS) with specially crafted video that can be processed by some applications even without users opening the message. Unbeknownst to the end-user, the malicious video could take advantage of a buffer overflow allowing the attacker to compromise your phone.

Should I be worried?

Yes. This took a while to patch, and the patch isn't perfect. It's still exploitable. Someone exploiting the flaw could have a large pool of victims. We should all worry a bit when Google cannot be responsive with a complete fix for security vulnerabilities that impact so many people.

How can I prevent it? 

Disable MMS on your Android. Always be sure to update your software as soon as fixes are available. 

You must be a registered member of SC Magazine to post a comment.
close

Next Article in Threat of the Month

Sign up to our newsletters

TOP COMMENTS