• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Stagefright vulnerability (disable MMS auto-download)

It doesn't mention anything being released anywhere. Also, the exploit has been known for a month or so now. :

What I gather of the approach is:
  • the initial release to the public was general - alerting us to the existence of the vulnerabilty.
  • The specific details of how they accomplished the attack were not initially published publically but provided to a smaller audience of Google and perhaps phone OEM's.
  • The intent of this approach was that Google and others would have a chance to release patches before full details released to the public (which includes the potential hackers)

Now that the patches are mostly all released by Google, carriers/OEM's etc, it's apparently time to release the full details (python code) of Zymperium's intial "successul" attack to the public, ostensibly for the purpose of allowing other developers to understand the vulnerability and take appropriate action (I'm not sure which developers are targeted).

That's the public line from Zimperium anyway. For a skeptical (paranoid?) person, there's always different ways to imagine the reality:
  • It may be that enough details circulated publically for attackers and analysts to already understand the attack even before the exact code of the initial attack was released.
  • It may also be this release is just an attempt by Zimperium to extend the public spotlight on themselves.
  • It may be that the official fixes don't really fix things as per Earlymon's link
    • Fwiw, my inclination is still to try to get the official fixes and security updates when I can.
 
Last edited:
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones