The Legacy of Stagefright - eviltoast

cross-posted from: https://lemdro.id/post/190327 (!android@lemdro.id)

Every so often a piece of security research will generate a level of excitement and buzz that’s palpable. Dan Kaminsky’s DNS bug, Barnaby Jack’s ATM Jackpotting, Chris Valasek and Charlie Miller’s Jeep hacking escapades. There’s something special about the overheard conversations, the whispered sightings of the superstar du jour, and the packed-to-the-rafters conference hall. These moments have delivered something more than just research: they delivered entertainment.

Stagefright was one of these big moments. A frenzied feeling in the air, a willing showman, and a message to deliver. Mobile security was broken, seriously broken.

It’s been 8 years since Stagefright’s careful dissection of Android’s remote security posture, and it seems like a great time to revisit the event and its aftermath. Like any great piece of research, Stagefright changed the world, and it’s only with hindsight that it’s really possible to understand how.

See article for more.