- cross-posted to:
- technology@beehaw.org
- security
- exploitdev@infosec.pub
- cross-posted to:
- technology@beehaw.org
- security
- exploitdev@infosec.pub
Every so often a piece of security research will generate a level of excitement and buzz that’s palpable. Dan Kaminsky’s DNS bug, Barnaby Jack’s ATM Jackpotting, Chris Valasek and Charlie Miller’s Jeep hacking escapades. There’s something special about the overheard conversations, the whispered sightings of the superstar du jour, and the packed-to-the-rafters conference hall. These moments have delivered something more than just research: they delivered entertainment.
Stagefright was one of these big moments. A frenzied feeling in the air, a willing showman, and a message to deliver. Mobile security was broken, seriously broken.
It’s been 8 years since Stagefright’s careful dissection of Android’s remote security posture, and it seems like a great time to revisit the event and its aftermath. Like any great piece of research, Stagefright changed the world, and it’s only with hindsight that it’s really possible to understand how.
While i can fully admit this is over my head i get the gist of what is going on here. Fantastic article imo.