Stagefright is a bug affecting most devices in the Android ecosystem and it is quite serious. Stagefright is said to affect Android versions from 2.2 (Froyo) upto 5.1.1(Lollipop).
Stagefright is a vulnerability that allows a remote attacker to access your entire device such as your apps, camera, microphone and data by simply having your mobile phone number through remote code execution. The attacker can remotely excute the attack by sending a malicious MMS that can be delivered to your phone. Google Hangouts is said to be the most affected application due to its auto download feature, Those with auto-download enabled in your messaging apps are more likely to be affected as it doesn’t require you to view the message for the attack to be executed.
To better understand how your android device could be affected, here is a demonstration video by Zimperium, the company that uncovered the bug.
Due to the way Android distribution is structured, receiving the update may be delayed for most devices as it must be issued and approved through carriers and OEMs for their respective devices. Since Android is one of the largest mobile operating systems, the bug is said to affect the majority of the devices since a lot of them run Android version between Froyo and Lollipop.
Google, Samsung and Motorola have provided or are in the process of providing updates to fix this issue on the majority of their devices with other companies following suit. Recently Google, Samsung and LG have all agreed to provide regular over-the-air (OTA) security updates to their devices regularly each month.
[info_message style=”warning”]As a general warning, until you update your android device please try to disable your MMS feature (as recommended by Motorola) and do not open an MMS from an unknown sender.[/info_message]