/ / / / Android app tells you if you have 'Stagefright' vulnerability

Android app tells you if you have 'Stagefright' vulnerability

*

Got Stagefright? Not the fear of an audience, but an Android vulnerability that could hijack your smartphone via a garden-variety MMS. The company that discovered the flaw, Zimperium, has now released a tool, the Stagefright Detector App, to at least let you know if you're patched against it. Google issued a fix a while ago, and you're protected if you have a Nexus device. But if you own nearly any other smartphone -- even a brand new one like Samsung's Galaxy S6 -- you're probably still at risk.

In fact, I checked my own Galaxy S6 Edge, and yep! If you send me an infected MMS and I'm silly enough to open the video attachment, then my phone is your phone. In fact, if I used Google's Hangouts for SMS (I don't), the app may pre-process the attachment and infect me regardless. Some devices other than Nexus aren't vulnerable -- a colleague who owns a OnePlus One with a CyanogenMod nightly is already protected. However, devices from manufacturers like Samsung, HTC and LG are still at risk, even if you paid top dollar for the latest and greatest flagship (ahem).

If you receive a video MMS from somebody you don't know, then of course, don't open it.

The Stagefright Detector app lets you know if you're vulnerable, though it's no cure. The app told me I wasn't patched against CVE-2015-3827 and -1538 flaws, but didn't point me to any advice on how to fix the problem. Instead, it directed me to contact Zimperium, which appeared to want to market me its products. Nevertheless, the company does have a blog post on how to handle the vulnerability -- in a nutshell, if you're using Hangouts as your SMS app, you'll need to disable "Auto Retrieve SMS." And if you receive a video MMS from somebody you don't know, then of course, don't open it.

It's still not clear how many people this has affected, and Zimperium is clearly milking some publicity out of the flaw. Still, it highlights how Android's fragmentation problem leaves the platform much more vulnerable to attacks than iOS -- when Apple issues a patch, every iPhone owner gets it, period.

Filed under: ,

Comments

Source: Zimperum

Tags: Android, flaw, stagefright, video, vulnerability



from Engadget Full RSS Feed http://ift.tt/1Ne8b2L
via IFTTT
Share on Google Plus
    Blogger Comment