Wednesday , December 19 2018 Ausdroid » News » Details of Stagefright and a tool to check vulnerability released

Stagefright

Unless you’ve been living under a rock over the last week or so, you’ve heard about the Stagefright vulnerability on a supposed 90% of Android devices. Stagefright is a multimedia library that exists as part of the Android Framework; just over a week after the initial threat emerged, the details of the exploit along with a demo video and a tool to check if your device is vulnerable have emerged.

The video shows that as soon as an MMS is received, shell access to the targeted device can be obtained. Followed by execution of the specific exploit (run as a media user) and voila; root access to the device is achieved in a matter of seconds without the need for the user to actually open the malicious MMS. Its a very scary potential for someone to obtain root access to your device, particularly without you even knowing about it.

As mentioned in our original article about the vulnerability, there is a way to protect yourself to minimise your risk by simply disabling the automatic download of MMS and some third party messaging apps claim to offer Stagefright protection.

The security firm Zimperium Mobile Security, formed the Zimperium Handset Alliance earlier this month (perhaps as a reaction to the Stagefright vulnerability) to make threat mitigations on various platforms and fixes for the exposed vulnerabilities available sooner across the spectrum of manufacturers and handsets. On their blog, Zimperium state that they’ve launched the ‘Stagefright detector App’ for Android users to test if their device is vulnerable. The app is available for download on the Play Store, hit the link below if you’re keen to check on your devices potential vulnerability.

Stagefright Detector
Stagefright Detector
Developer: Zimperium INC.
Price: Free

Is the Stagefright vulnerability a serious threat to Android security, or is it just another storm in a teacup?

Source: Zimperium Blog.

Phil Tann   Journalist

Phil is an Android enthusiast who spends most of his time reading up on U.S. Android news so he can get the low down on what could possibly hit Australian shores. Coming from a background in IT & T sales, he’s in the perfect position to give an educated view on hardware and software.

2
Join the Ausdroid Conversation

avatar
2 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
2 Comment authors
Martin DolanLevel380 Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Martin Dolan
Ausdroid Reader

I’m patched and it says vulnerable. It’s just a scam app to get you to use their services.

Level380
Guest
Level380

Don’t bother installing, the app comments says it still reports a patched nexus as faulty. Seems all devices fail the test.

Check Also

Android 9.0 Pie rolling out to some Huawei P20, P20 Pro and Mate 10 devices

Huawei is one company that in the past has been criticised for their lack of …