Android Stagefright - Comments from Webroot
July 2015 by Webroot
Following the discovery of Android Stagefright, please find the following comment from David Kennerley, threat research manager at cybersecurity firm Webroot.
“We should all be seriously concerned about this newly discovered vulnerability. It affects almost all versions of Android, from version 2.2 to the latest version (5.1) which could be as many as one billion devices open to exposure.
Specially crafted malware hidden inside multimedia message (MMS) can be used to stealthy exploit a vulnerability in the Stagefright library. And the scary part is that no user interaction is needed at all – preview generation is automatic upon receiving the MMS.
Google has patches available for support Android OSs it continues to support. But the bad news is that most smartphone manufacturers will need to implement the new code into their own Android OS flavours. This means manufactures are in complete control of when users will receives these critical updates. Past experience tells us some customers could be waiting a very long time – possibility forever.”
Smartphone manufacturers should take this as an opportunity to show how serious they are about defending the security of the customers who have already and deploy credible fixes asap. Something tells me this isn’t a story that isn’t going to go away anytime soon.”