Google Search

Custom Search

Friday, 7 August 2015

Stage fright Detector (lookout) - Check if your device is vulnerable

Lookout Security released a Stagefright vulnerability checker for android on the Playstore and its something that we advise all readers to install. The app would check your device for all known Stagefright vulnerability for your device. This may not be the solution to the Stagefright issue but it is good enough to learn that if your device is patched. The only way to be safe from Stagefright right now is for your device manufacturer to release an update for your current system but as a precaution, you can always disable auto download for MMS.

The Stagefright Detector app scans your Android device to determine whether you are affected by the Stagefright vulnerability and provides you with practical advice on how to protect yourself and your device, such as immediately installing any patch from your carrier or OEM and disabling MMS auto-fetch in your default messaging app until your device is patched.

What is the Stagefright vulnerability?
The Stagefright vulnerability refers to a critical vulnerability that was discovered last week in the Stagefright library, an open source media player used by 95% of Android devices. The vulnerability is particularly troublesome because it can be delivered via MMS, which is automatically downloaded to the Android device by default, giving a potential attacker the ability to remotely control and steal data from the device.

Currently there is no evidence that these exploits are being used in the wild. The Stagefright vulnerability affects any Android device running Froyo 2.2 to Lollipop 5.1.1 and has been documented with the following reference numbers: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829.

Will Stagefright Detector fix the Stagefright vulnerability?
Stagefright Detector is designed to keep you informed about the status of your device.
Stagefright Detector will not fix the vulnerability, because the vulnerability can only be fixed once a patch is released by Google, your carrier or your device manufacturer, which typically is delivered through a System Update. To check if a patch is available for most Android devices, go to Settings and click System Updates.

We reported earlier that Google and Samsung started their OTA update for the Stagefright and we hope that others would follow suit as Google already released the patch thru AOSP.

No comments:

Post a Comment