How To Protect Your Device From Android’s Stagefright Exploit

How To Protect Your Device From Android’s Stagefright Exploit :

Android’s Stagefright Exploit

Android has a massive security bug in a component known as “Stagefright.” Just receiving a malicious MMS message could result in your phone being compromised. It’s surprising we haven’t seen a worm spreading from phone to phone like worms did in the early Windows XP days — all the ingredients are here.

It’s actually a bit worse than it sounds. The media has largely focused on the MMS attack method, but even MP4 videos embedded in web pages or apps could compromise your phone or tablet.

Why the Stagefright Flaw is Dangerous — It’s Not Just MMS

Some commentators have called this attack “Stagefright,” but it’s actually an attack on a component in Android named Stagefright. This is a multimedia player component in Android. It has a vulnerability that can be exploited — most dangerously via an MMS, which is a text message with embedded multimedia components.

Many Android phone manufacturers have unwisely chosen to give Stagefright system permissions, which is one step below root access. Exploiting Stagefright allows an attacker to run arbtirary code with either the “media” or “system” permissions, depending on the how the device is configured. System permissions would give the attacker basically complete acess to their device. Zimperium, the organization that discovered and reported the issue, offer more details.

Typical Android text messaging apps automatically retrieve incoming MMS messages. This means you could be compromised just by someone sending you a message over the telephone network. With your phone compromised, a worm using this vulnerability could read your contacts and send malicious MMS messages to your contacts, spreading like wildfire like the Melissa virus did back in 1999 using Outlook and email contacts.

Initial reports focused on MMS because that was the most potentially dangerous vector Stagefright could take advantage of. But it’s not just MMS. As Trend Micro pointed out, this vulnerability is in the “mediaserver” component and a malicious MP4 file embedded on a web page could exploit it — yes, just by navigating to a web page in your web browser. An MP4 file embedded in an app that wants to exploit your device could do the same.

Is Your Smartphone or Tablet Vulnerable?

Your Android device is probably vulnerable. Ninety-five percent of Android device in the wild are vulnerable to Stagefright.

To check for sure, install the Stagefright Detector App from Google Play. This app was made by Zimperium, which discovered and reported the Stagefright vulnerability. It will check your device and tell you whether Stagefright has been patched on your Android phone or not.

Android’s Stagefright Exploit

How to Prevent Stagefright Attacks If You’re Vulnerable

As far as we know, Android antivirus apps won’t save you from Stagefright attacks. They don’t necessarily have enough system permissions to intercept MMS messages and interfering with system components. Google also can’t update the Google Play Services component in Androidto fix this bug, a patchwork solution Google often employs when security holes show up.

To really prevent yourself from being compromised, you need to prevent your messaging app of choice from downloading and launching MMS messages. In general, this means disabling the “MMS auto-retrieval” setting in its settings. When you receive an MMS message, it won’t automatically download — you’ll have to download it by tapping a placeholder or something similar. You won’t be at risk unless you choose to download the MMS.

You shouldn’t do this. If the MMS is from someone you don’t know, definitely ignore it. If the MMS is from a friend, it would be possible their phone has been compromised if a worm does begin to take off. It’s safest to never download MMS messages if your phone is vulnerable.

To disable MMS message auto-retrieval, follow the appropriate steps for your messaging app.

  • Messaging (built into Android): Open Messaging, tap the menu button, and tap Settings. Scroll down to the “Multimedia (MMS) messages” section and uncheck “Auto-retrieve.”
  • Messenger (by Google): Open Messenger, tap the menu, tap Settings, tap Advanced, and disable “Auto retrieve.”
  • Hangouts (by Google): Open Hangouts, tap the menu, and navigate to Settings > SMS. Uncheck “Auto retrieve SMS” under Advanced. (If you don’t see SMS options here, your phone isn’t using Hangouts for SMS. Disable the setting in the SMS app you use instead.)
  • Messages (by Samsung): Open Messages and navigate to More > Settings > More settings. Tap Multimedia messages and disable the “Auto retrieve” option. This setting may be in a different spot on different Samsung devices, which use different versions of the Messages app.

It’s impossible to built a complete list here. Just open up the app you use to send SMS messages (text messages) and look for an option that will disable “auto retrieve” or “automatic download” of MMS messages.

Warning: If you choose to download an MMS message, you’re still vulnerable. And, as the Stagefright vulnerability isn’t just an MMS message issue, this won’t completely protect you from every type of attack.

Credits Go To 

Share With Friends

Latest Comments

  1. Darvin April 8, 2017
  2. emerald coins cheat April 9, 2017
  3. car insurance quotes April 10, 2017
  4. car insurance Redding CA April 10, 2017
  5. car insurance MS April 11, 2017
  6. auto insurance April 11, 2017
  7. rac breakdown insurance April 11, 2017
  8. online kredit deutschland April 11, 2017
  9. premier insurance boise April 12, 2017
  10. viagra en france visa April 13, 2017
  11. tadalafil köpa Sverige April 13, 2017
  12. ou acheter cialis prix April 13, 2017
  13. generisk viagra urin April 14, 2017
  14. car insurance Conway AR April 15, 2017
  15. günstiger privatkredit April 18, 2017
  16. aaa southgate mi April 18, 2017
  17. free coins line ios April 20, 2017
  18. madden 16 mut coins free April 20, 2017
  19. zynga free coins April 20, 2017
  20. zoosk April 20, 2017
  21. fun run hack coins April 21, 2017
  22. madden 13 coin generator April 21, 2017
  23. fut 14 April 21, 2017
  24. glu coins hack download April 21, 2017
  25. kendall and kylie April 22, 2017
  26. habbo free coins April 22, 2017
  27. 8 ball pool coins cheat April 22, 2017
  28. online viagra April 22, 2017
  29. purchase viagra April 22, 2017
  30. sildenafil April 22, 2017
  31. online viagra April 22, 2017
  32. purchase viagra April 22, 2017
  33. cheap viagra April 22, 2017
  34. order viagra online April 23, 2017
  35. generic viagra April 23, 2017
  36. purchase viagra April 23, 2017
  37. sildenafil April 23, 2017
  38. viagra online April 23, 2017
  39. sildenafil April 23, 2017
  40. viagra online April 23, 2017
  41. online viagra April 23, 2017
  42. sildenafil April 23, 2017
  43. generic viagra April 23, 2017

Leave a Reply