Android Multimedia “Stagefright” Security Flaw is Widespread and Critical
On January 25, 2016, my phone received the first clearly identifiable attempt at a Stagefright attack, through a text message with an attachment.
“Stagefright” is an Android component that processes multimedia content. On July 28, 2015, a very serious security flaw was announced: an attacker can send a specially crafted MMS message that exploits the vulnerability and gives the attacker root control of the device without any action on the part of the user. For Nexus devices distributed by Google, fixes are available, but most Android devices get fixes from cell phone carriers and will get the update much later, or in many cases never. To find out whether or not your device has received patches, go to Settings->About and look for the security patch level as shown in Figure 1. The security patch level item was added in September 2015 as part of Google’s response to the Stagefright vulnerabilities. Google now issues a new security patch level every month; Nexus devices generally get the update in the first week of the month.
In many cases, browsers and other applications also use the Stagefright library, and there is currently no way to mitigate these attacks. This means that tablets with WiFi are vulnerable to the Stagefright problem as well.
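The security patch level described above can also be read over adb and checked for staleness across several devices. The following is an added example, not part of the original article; it assumes the `ro.build.version.security_patch` system property, USB debugging for the adb read, and a hypothetical two-month staleness threshold, and the sample inventory is constructed.

```python
import re
import subprocess
from datetime import date

# Android system property behind the "security patch level" item in Settings.
PATCH_PROP = "ro.build.version.security_patch"
MAX_MONTHS_BEHIND = 2  # assumed policy threshold, not taken from the article


def months_behind(patch_level: str, today: date):
    """Whole months between the patch level and today; None if absent or invalid."""
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", patch_level.strip())
    if not m:
        return None
    year, month, day = map(int, m.groups())
    try:
        date(year, month, day)  # reject impossible dates such as 2016-13-01
    except ValueError:
        return None
    return max(0, (today.year - year) * 12 + (today.month - month))


def classify(patch_level: str, today: date) -> str:
    """Label a device by how far its patch level lags the monthly release cycle."""
    if not patch_level.strip():
        return "NO_PATCH_LEVEL"  # build predates the patch level item
    behind = months_behind(patch_level, today)
    if behind is None:
        return "UNPARSEABLE"
    return "CURRENT" if behind <= MAX_MONTHS_BEHIND else f"STALE_{behind}_MONTHS"


def read_patch_level(serial: str) -> str:
    """Read the property from one attached device (needs adb and USB debugging)."""
    out = subprocess.run(["adb", "-s", serial, "shell", "getprop", PATCH_PROP],
                         capture_output=True, text=True, timeout=15, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed inventory: device label -> value as getprop would return it.
    sample = {"nexus-5x": "2016-01-01", "carrier-phone": "2015-10-01",
              "old-tablet": "", "odd-rom": "Jan 2016"}
    today = date(2016, 1, 25)
    for name, level in sample.items():
        print(f"{name:14} {level or '-':12} {classify(level, today)}")
```

A device that reports no value at all was built before the patch level item existed, so it is flagged separately from one that is merely a few months behind.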