14 DAY TRIAL // Zimperium, the company that discovered and announced the presence of a severe bug in all smartphones running Android 2.2 or higher, has now released their Stagefright exploit code, which security experts, phone vendors, and users can utilize to test if their devices are still vulnerable to this bug.
Affecting over 95% of all Android devices currently on the market, Stagefright has the potential of granting hackers full control over a phone without users being aware it has happened.
This meager bug that exploited a low-level vulnerability in the libstagefright and mediaserver libraries has effectively reshaped the industry's mobile security policies.
Soon after Stagefright was discovered, Google announced it was planning on releasing monthly updates to all Nexus devices, which will handle itself, instead of leaving it to mobile carriers.
The same thing was later announced by Samsung, in a move that was greeted with joy by all smartphone users tired of waiting for their lazy mobile providers to push device updates, some of which are months old when reaching their phones.
The exploit code is now available online
According to a Zimperium blog post, the company intended to release the code this August at the Black Hat USA 2015 security conference, where Stagefright was first revealed to the world.
At the request of mobile carriers and device manufacturers, the code was delayed, so proper patches could be prepared.
Now, after all the updates have been distributed, Zimperium released the Python script that allowed them to exploit the Stagefright bug (CVE-2015-1538).
This code can be used to grant attackers full access over a plethora of phone features, ranging from its video camera, agenda, and media storage, all by simply sending a malicious and malformed MMS message.
The Zimperium Stagefright exploit code is not 100% reliable since it was only tested on a Nexus running Android 4.0.4, but small tweaks here and there can allow developers to run it on other devices and Android versions.
