Stagefright Security patch leaves more than 950 million devices vulnerable hacked by a text
The Stagefright vulnerability allows attacker to hack a phone with a text. Wiki (CVE-2015-3824)
The patch issued by Google for Stagefright doesn’t fix the vulnerability leaving more than 95% of the Android devices vulnerable. The Android devices running version 2.2 to 5.1 version are vulnerable which is estimated around 950 millions around the world.
Exodus Intelligence security researcher Mr.Jordan Gruskovnjak analysed the patch from Google and still found that the patch did not address the issues completely. This was later discussed during Blackhat and Defcon which gave more of an attention.
On the exodus blog, they further state that “We notified Google of the issue on August 7th but have not had a reply to our query regarding their release of an updated fix. Due to this, as well as the following facts, we have decided to notify the public of our findings here on the Exodus Intelligence blog. “ Details available here
The firm notified Google 120 days ago but Google doesn’t seem to have taken this seriously which leaves the entire eco system of Android vulnerable. Till we have communication from Google uses are left in the dark.
Video Demo is available below