Toggle navigation
Sanchayani
About
Services
Contact
Login
Registration
Title :Stagefright Vulnerability in Android Phones
Blogger :पूजा
SUbject :Information Security Awareness
likes:8 dislike:3
Stagefright Vulnerability: A simple smartphone exploit that doesn’t require the user to do anything other
than receive a text message. Named Stagefright, it is a media library that processes several popular
media formats. Since media processing is often time-sensitive, the library is implemented in native code
(C++) that is more prone to memory corruption than memory-safe languages like Java .These issues in
Stagefright code critically expose 95% of Android devices, an estimated 950 million devices.
Severity:
HIGH
Impact:
Attackers require only the mobile number, using which they can remotely execute code via a specially
crafted media file delivered via MMS.
Remote code execution allows sophisticated attackers to execute privilege escalation attacks, which
allow the attacker to change roles on the device – providing unfettered control: access to read the victim’s
emails, Facebook/whatsapp messages and contacts, access data from other applications or use the
device as a pivot into the customers’ network and cloud applications.
Affected Application:
• Android operating systems 2.2 and later are vulnerable to related attacks.
• Android’s Jelly Bean version 4.1-4.3.1 is at high risk for exploitation due to lack of exploit mitigation.
Solution
Update your device: Kindly update to latest patch/version when available
Disable Auto-fetching of MMS: Kindly disable Auto-fetching MMS for both Hangout and regular
messaging apps.
HANGOUT: DISABLE AUTO FETCHING MMS:
1. Open Hangout
2. Tap Options on the top left corner
3. Tap Settings -> SMS
4. In General, If you have Hangout SMS Enabled then in the Advanced uncheck Auto Retrieve MMS
