Page 43 - index
P. 43
Why every Android user should take the Stagefright leak very
seriously
A vulnerability in Android called Stagefright was exposed at the 2015 Black Hat conference in early
August. You may have heard of it, if only because the media frenzy that followed claimed that
hundreds of millions of phones could be hacked with a single text – but is any of that true? If that
were the case, surely Google, the developer of the popular operating system, would have fixed it by
now…right?
(image: pocket-lint.com)
What is Stagefright and why should you
care?
You may have grown accustomed to all of
the vulnerabilities, bug and alerts out there
in technology land. You’re calm because
you know that ultimately there will be a
patch to fix it, right?
Unfortunately, it’s not so simple with the
Stagefright leak. Think of a doomsday film
where a deadly asteroid is about to strike Earth, and there’s no way for scientists to divert it with
their fancy technology. That’s basically what’s going on – the Stagefright bug, due to the nature of
the Android world, isn’t likely to be addressed any time soon. If things don’t change, it’s only a
matter of time before an exploit strikes and brings chaos to an unthinkable number of devices.
So, yes, it is possible that you could receive a strange video text, not even open it, and some cyber
criminal halfway around the world could start spying on you through your video camera. But that’s
only one possibility.
If a hacker gets into your device through the Stagefright vulnerability, he could gain access to
your address book, apps, message history, personal emails, and all the information tied to your
Google account. This means that every bit of information tied to your Google account – from Gmail
to Google Drive – is up for grabs: financial information, browsing history, personal messages and
classified work documents…
It’s imperative you understand that your phone isn’t the only thing at risk. Your whole digital life is at
risk.
How does Android work, exactly?
To understand the Stagefright vulnerability properly, it’s important to look at the Android
architecture. Android is very modular operating system, so things run in separate processes. This is
in part thanks to the Dalvik virtual machine, which is the component in most Android phones (it has
been replaced entirely by Android runtime in Android 5.0) that allows each app to run separately
43 Cyber Warnings E-Magazine – October 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
