A year ago, a set of serious Android vulnerabilities collectively called Stagefright emerged. It was said to affect more than a billion Android phones globally, essentially any phone with Froyo 2.2 and above, and security researchers dubbed it as "the worst Android vulnerability ever."
How bad was this exploit? Researchers warned that the flaws were so critical that a phone can be hacked and taken over with just a single text. All the attacker needed to do was send a multimedia message (MMS) with the exploit and it would automatically attack the phone as soon as the message was received.
Scarier still, the user doesn't even have to view the malicious MMS. The attack occurs even before the message notification sound is heard and there's nothing that can be done to prevent it.
Since that time, Google has already issued patches for 115 flaws, a majority of them are directly related to the Stagefright exploits. With all these fixes, you would think the Stagefright scare is way behind us now.
But not so fast.
According to security researchers, even after a year of updates and patches, hundreds of thousands of Android users are still at risk. The vulnerabilities are still out there, just waiting for someone to exploit them.
The problem lies in how these updates are being rolled out. The updates vary for each phone model and it also depends on the whims of the carrier and the manufacturer of the device. Older Android phones may not even receive updates at all so current and upcoming vulnerabilities will never get patched. Researchers say that although these unpatched exploits may not necessarily turn into major attacks, the risk for these phones still exists.
Even as Google is rolling out major security improvements for the next versions of Android, like Linux-derived kernel protections from memory corruptions and the attack surface reduction, these features will not apply to every Android phone out there nor will the new version roll to devices at the same time. If you have an older Android phone, you may be out of luck.
What could you do then to shield yourself from attacks especially if you have an older Android device?
First, make sure you constantly check for and install updates. Even though your device may not be getting all the patches for existing flaws, at least Google still provides security fixes for older Android versions.
Also, as always, be careful about sideloading and installing apps from unknown sources. Always get your apps from the official Google Play app store since they are tested and verified to be mostly safe and malware-free.
For the Stagefright exploit, you could install an app called Stagefright Detector. This was developed by Zimperium, the people who discovered the Stagefright vulnerabilities and bugs. This app has limited functionality though and it will not clean nor prevent Stagefright exploits. It simply tells you if your device is vulnerable or not.