For those who are not familiar with Stagefright vulnerability, an Android vulnerability originating from the media library called libstagefright was discovered in July, 2015. Attackers could exploit it to target affected phones using text or MMS. The vulnerability enabled them to exploit weaknesses in the Multimedia Preview Function of Android devices.
Different carriers, phone manufacturers and Google released patches to fix the issue within two weeks of discovery. Only after three months of these fixes, however, Stagefright was discovered by Zimperium (a security company). Attackers found a way to encode malicious code into most popular audio formats, i.e. mp3 and mp4. When a user plays these infected files, the malicious code gets executed, therefore, compromising user’s security.
The exploit can also be used to attack devices using various other methods. Almost all Android devices are at risk of the vulnerability and the worst thing is that despite promises, fixes have not yet been released for a majority of devices.
Users don’t need to panic as we don’t have concrete evidence yet that the vulnerability has been exploited in the wild. They, however, need to be cautious. The coding for these exploits is also quite complex so, average coders are not able to use the exploit to their advantage.
