An exploit was discovered last week by researchers at Zimperium that is believed to leave the majority of Android devices vulnerable to attack. Hackers could potentially use the libStageFright media library (hence ‘Stagefright’) as a way into your device when processing an MMS. Potentially an attacker would only need your mobile number and then execute an attack even with no user-interaction. Even worse, the MMS can delete itself before you open it. Zimperium says that “issues in Stagefright code critically expose 95% of Android devices, an estimated 950 million devices”.
Many of you have got in touch with us asking when a fix is likely, however Sony has officially been quiet on the matter. Google is working alongside all of the key Android manufacturers to deliver updates that patch this exploit. At Black Hat 2015, Google confirmed that a fix will arrive this month for the newer Xperia Z series such as the Xperia Z2, Z3, Z3+/Z4 and Z3 Tablet Compact. However, “hundreds more” devices will also receive the update, so other Sony Xperia devices won’t be left in the cold.
If you want to find out whether your Sony Xperia device is vulnerable to this exploit, then Zimperium has created the Stagefright Detector App which will test your handset.
Update: Sony has got in touch with a statement on how they are tackling the Stagefright exploit.
“Sony has received the patches from Google to correct the issue and are making them available through retail partners within ongoing software maintenance – updates will start rolling out over the next few weeks, with exact timings varying by region.
“Users can also take steps to protect themselves by disabling the automatic download of MMS messages and deleting those from unknown senders, exercising caution when opening email attachments, connecting to well-known Wi-Fi networks and ensuring websites, services and application stores are authentic.”
Sony Xperia Z2/Z3/Z4 series will receive the Stagefright fix later this month
Use the Stagefright Detector App to determine the vulnerability on your handset
Via Zimperium [image via Tweakers.net.]
Thanks Diogo!