The Stagefright security flaw (link is Wikipedia), first reported July 2015, was largely resolved by Google by the release of Android 5.1 (“Lollipop”), but there are still plenty of smartphones in play that have the weakness. In fact, unlike iOS users, many owners of Android-based smartphones never (or very slowly) update the operating systems of their devices. Worse still, some phones, especially those targeted at low entry prices in the market, are not capable of updating. Here’s the kicker: not all versions of Lollipop have the fix. Unfortunately, manufacturers customize the operating systems for their own hardware and needs, with a large number of 5.1 smartphones subject to this exploit.
In the video below, researchers demonstrate a real-world implementation of the exploit called Metaphor.
This work was done by NorthBit, a software research company. A technical paper is available by clicking the Metaphor Stagefright exploit PDF link. If your smartphone is running an operating system version before 5.1, you may still be able to limit the impact of the issue with changes to your settings, or check this link to see if the Google patches released will work for you.
No comments:
Post a Comment
Suggestions welcome! Is there a big story on one of those corporate tech blogs you'd like to see analyzed from the perspective of one guy? Send me the link!