Hacker News

So... where is it?

There clearly hasn't been any major deployment of this - especially at the scale of Blaster or Conficker.

It's "trivial" perhaps for a single device, but every device is different and it'd require its own exploit code. Exploit mitigation features make it difficult to actually exploit too - making it quite problematic to deploy in practice.




Are we really so moronic that we need to wait for something to explode before we're ready to acknowledge the fire hazard that caused the explosion in the first place?


If it were so trivial it probably would have already happened. There's tons of cash to be made in SMS and MMS spam.

It's not trivial - there are a lot of devices and exploit mitigation techniques to deal with, and there's not even a reliable PoC that works on real-world devices with ASLR enabled.

These exploit mitigation techniques and differences in builds have basically saved it from becoming the disaster it sounds like at first glance.

I guess to answer your question, yes, yes we are that moronic. Not many people will care unless it's proven rapidly and readily exploitable.


You just stated that Stagefright was "trivially weaponizable". So why don't you answer their question and provide proof? Surely a "trivially weaponizable" exploit on over 1.4 billion devices would be a very attractive target to nefarious organizations and hackers.

It's been about 2 years since Stagefright was disclosed. Are we still waiting for it to explode? And if so, can you give a timeline for when this explosion will occur?



