The Stagefright vulnerability impacts 95 percent of existing Android devices – numbering nearly 1 billion phones and other equipment – via multimedia messaging. A malware video file would be processed immediately upon receipt – you won’t even have to open the message, if you’re using the Hangout application, while if you’re using the default messaging application, opening the message will trigger integration of the harmful code.
Once the phone is compromised, a subsequent MMS message would allow the hacker to write code, steal data, record audio or video, or access Bluetooth.
In May, Google accepted the patches required to fix the issues. But Android phone manufacturers including Samsung, Sony, Motorola, LG, Lenovo and HTC have not yet addressed the problem, lacking a financial incentive to do so.