Security Alert: Stagefright Bug Affects Almost Every Android Phone

A bug in Android media playback engine has opened up a very nasty security hole for most of the world’s Android devices. Now it’s up to vendors and telcos to patch it.

Image: Family O’Abé

Stagefright is the native media playback engine for all versions of Android since 2.2 (“Froyo”) and the attack is said to be very simple indeed, requiring only the phone number of the handset in question in order to execute remote code. The bug was discovered by Zimperium zLabs who state that they’ll release full details of the flaw at the Black Hat conference next week in Las Vegas.

It’s a worrying flaw on two fronts. Firstly, it’s not an exploit that requires any kind of user action to implement in any way at all. The example cited is to send a vulnerable device a simple MMS which can then self-delete.

Then there’s the issue that Android updates for older devices are often an afterthought; the bug is said to be particularly worrying for any devices older than Android 4.2 as they lack certain exploit mitigations built into newer versions of Android.

Android Stagefright Flaws Put 950 Million Devices At Risk [ThreatPost]

The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.


17 responses to “Security Alert: Stagefright Bug Affects Almost Every Android Phone”