In The News‎ > ‎

Android "StageFright" Vulnerability

posted Jul 28, 2015, 11:15 AM by Craig Cox   [ updated Jul 28, 2015, 11:26 AM ]
There's a new vulnerability out, and following the trail blazed by "Heartbleed", it has its own name and icon.  Stagefright is a serious vulnerability that could allow a malicious attacker to compromise your Android phone simply by sending you a text message.  In the worst case scenario, the hackers would not have to trick you into opening or clicking anything, and they could cause your phone to then forward the compromise to everyone in your contact list.

There are some workarounds (hat tip to Joel Harrison of the IIT Systems group).  In summary, this seems to amount to preventing MMS apps from processing video they receive -- no preview, no playback.  The vulnerability is in the video viewer.  If you are an Android user, you should step through the workarounds blog entry sooner rather than later, and bug your cell phone provider for updates to your Android OS.  Not to be a panic-monger*, but this is a bad one.

Edited to add:  In case this wasn't clear, this does not affect iPhones at all.  This is only an Android phone problem.

*to the extent I can even help it these days  :(