Thursday , August 24 2017

Details of Stagefright and a tool to check vulnerability released

Stagefright

Unless you’ve been living under a rock over the last week or so, you’ve heard about the Stagefright vulnerability on a supposed 90% of Android devices. Stagefright is a multimedia library that exists as part of the Android Framework; just over a week after the initial threat emerged, the details of the exploit along with a demo video and a tool to check if your device is vulnerable have emerged.

The video shows that as soon as an MMS is received, shell access to the targeted device can be obtained. Followed by execution of the specific exploit (run as a media user) and voila; root access to the device is achieved in a matter of seconds without the need for the user to actually open the malicious MMS. Its a very scary potential for someone to obtain root access to your device, particularly without you even knowing about it.

As mentioned in our original article about the vulnerability, there is a way to protect yourself to minimise your risk by simply disabling the automatic download of MMS and some third party messaging apps claim to offer Stagefright protection.

The security firm Zimperium Mobile Security, formed the Zimperium Handset Alliance earlier this month (perhaps as a reaction to the Stagefright vulnerability) to make threat mitigations on various platforms and fixes for the exposed vulnerabilities available sooner across the spectrum of manufacturers and handsets. On their blog, Zimperium state that they’ve launched the ‘Stagefright detector App’ for Android users to test if their device is vulnerable. The app is available for download on the Play Store, hit the link below if you’re keen to check on your devices potential vulnerability.

Stagefright Detector
Stagefright Detector
Developer: Zimperium INC.
Price: Free

Is the Stagefright vulnerability a serious threat to Android security, or is it just another storm in a teacup?

 
Source: Zimperium Blog.

Phil Tann   Journalist

Phil is an Android enthusiast who spends most of his time reading up on U.S. Android news so he can get the low down on what could possibly hit Australian shores. Coming from a background in IT & T sales, he’s in the perfect position to give an educated view on hardware and software.

Join the Ausdroid Conversation

2 Comments on "Details of Stagefright and a tool to check vulnerability released"

avatar
Sort by:   newest | oldest | most voted
Martin Dolan
Valued Guest
Martin Dolan

I’m patched and it says vulnerable. It’s just a scam app to get you to use their services.

Level380
Valued Guest
Level380

Don’t bother installing, the app comments says it still reports a patched nexus as faulty. Seems all devices fail the test.

wpDiscuz

Check Also

Samsung officially unveils the Galaxy Note 8 with dual-lens camera

At their New York event, Samsung has unveiled the Galaxy Note 8 showing off the …