Back to Blog
News & Trends

‘Stagefright’ Android Bug Attacks 950 Million Smartphones

9 min read July 28, 2015
Stagefright andriod bug hack
Share

Stagefright is a recently detected bug that is able to execute remote code on an Android phone with no more information required than a phone number. Joshua Drake from Zimperium Mobile Security discovered six + one critical vulnerabilities in the native media playback engine. He dubbed the weaknesses ‘Mother of all Android Vulnerabilities’. Drake said […]

Stagefright is a recently detected bug that is able to execute remote code on an Android phone with no more information required than a phone number.

Joshua Drake from Zimperium Mobile Security discovered six + one critical vulnerabilities in the native media playback engine. He dubbed the weaknesses ‘Mother of all Android Vulnerabilities’. Drake said that the vulnerabilities can be exploited by sending a single multimedia text message to an unpatched Android smartphone. He says that they are all “remote code execution” bugs, allowing malicious hackers to infiltrate devices and infiltrate private data.

Apparently, all that the potential hacker needs to do is to send out the exploits to the would be mobile phone numbers. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions. Once the vulnerability is exploited, the hackers can access almost anything including recording of audio and video, snooping on photos stored in SD cards. Even the a Bluetooth radio can also be hacked via Stagefright.

The bug is really a silent killer. Once it has been delivered, the hacker can delete the message before the user had been alerted about it, making the attacks totally discreet and silent.

Some phones have already been patched. Blackphone tweeted that it had fixed the bug “weeks ago” because researchers held back from going public for three months. Android phones below version 2.2 are not affected.

Zimperium zLabs has not publically disclosed all the information hackers would need to exploit the Stagefright flaw. His full research will be shown at Black Hat USA and DEF CON 23 August.

At Veloxity, we understand that cell phone security is crucial for peace of mind. Our commercial cell phone charging stations have safe and secure lockers that can only be accessed via a keypad or credit card. Event goers have a lot to worry about and to prepare for so we want to make sure you don’t have to worry about your phone battery. Using our secure charging kiosk you won’t have to stress about a low battery.