- Category: August 2015 - Security
Stagefright, a vulnerability that allows attackers to steal information from Android devices, was discovered just a couple of weeks ago. This flaw allows attackers to steal information from Android devices through remotely executed code via a maliciously crafted multimedia messaging service message (MMS).
With 950 million users of Android devices potentially affected and a failed attempt by Google to fix the issue, users should take Stagefright more seriously than other commonplace vulnerabilities, ESET, a global pioneer in proactive protection, recommends. According to investigations, all versions of Android from Froyo (2.2) inclusive are vulnerable and versions prior to Jelly Bean are at higher risk, since they do not incorporate the appropriate mitigations.
The company explains: “Amongst the thousands of lines in the source code of Android, there is a media library called Stagefright in charge of managing multimedia formats that allow users to playback videos and music on their Android devices. Attackers exploit Stagefright by designing malicious MMS messages that are sent to victims. In these cases, the only information required for highly targeted attacks is the victim's phone number. In some instances, devices can be compromised, even when users do not play or watch the actual message content. Simply viewing the MMS can affect the device. With Google Hangouts, however, it is possible for devices to be compromised almost instantly.”
ESET launched an app on Google Play to help Android users detect Stagefright on their devices. The expert recommends for users to further check with their vendors whether a patch for their Android device already exists and to deactivate the short message service (SMS) auto retrieve function for Messenger and Hangout applications for now.
"Asia Pacific has one of the highest Android mobile user concentration in the world, making the region a prime target for cyber hackers. Mobile users should always remember to follow cyber security best practices, such as avoiding clicking on messages or links from suspicious sources and updating their operating system software regularly," said Parvinder Walia , Sales Director at ESET Asia Pacific . "We hope that more consumers will download the app as a proactive measure to secure their devices."