Report: Android StageFright Attacks Still 'Prolific' In 2017


The StageFright flaw in the Android operating system is still being exploited as of this year, according to a quarterly Internet Security Report from WatchGuard Technologies. The buffer overflow vulnerability found in libStageFright, the module of Google’s open source operating system that manages video messages, has been publicly known since 2015, and while the Mountain View, California-based tech giant has been releasing patches for security holes found in this problematic library ever since, the security threat it poses exists to this day. WatchGuard’s quarterly reports are traditionally dominated by web exploits, but StageFright-related attacks have recently been on the rise to such a degree that the cyber security company recorded over 31,000 counts of attacks associated with vulnerabilities in this Android module in the first quarter of 2017. The trend allowed StageFright to crack the firm’s top ten list of the most common hits against its Intrusion Prevention Service (IPS), placing tenth in that three-month period and accounting for 2.4 percentage points of all attacks neutralized by IPS.

StageFright exploits essentially allow hackers to turn a video message into an attack vector, gaining root privileges on a remote device and executing arbitrary code on it in the worst-case scenario. Even if the attack isn’t a complete success, it can still be used to remotely crash a vulnerable Android device. The popularity of StageFright allowed it to become the first mobile-only security threat to appear on WatchGuard Threat Lab’s top ten list of hacking attacks detected by IPS in 2017, and that trend may continue for some time, the report indicates, stating that despite being in circulation for almost two years now, StageFright not only continues to exist but is “prolific.”

The cyber security firm recommends that owners of Android devices keep their smartphones and tablets regularly updated with Google’s security patches, though that can be easier said than done given that original equipment manufacturers (OEMs) and mobile service providers are also meant to distribute those updates in a timely manner, which isn’t always the case. The so-called Project Treble that the Alphabet-owned tech giant recently announced may facilitate the process of updating Android devices, but it’s primarily aimed at handsets and tablets running Android O, so its true effects may not be observable for some time. WatchGuard’s full Internet Security Report for Q1 2017 is available at the source link below.