G Data about the vulnerability in the Android library Stagefright

A recent media report about a serious vulnerability in the Android software, which makes 95 percent of smartphones working under this system is vulnerable to attack. Is a serious problem, but the whole thing should be approached with caution. G the DATE gives few tips to relieve the situation, while the total solution to the problem rests on the shoulders of equipment manufacturers.


What is the problem?


The main culprit of all this confusion is a hole located in the library of Stagefright, responsible for multimedia processing. Stagefright engine is used for recording and playback of audio and video. The attackers, using properly crafted file can run malicious code on the device. The whole process runs in the background without the knowledge and involvement of the user terminal.


Why is so dangerous?


In the system there is at least one opportunity to carry out the attack, in which the user of the device becomes practically unprotected. Crafted file is sent MMS, this is because most of the phone processes the content of the message before it will inform the user of its receipt. Then hackers have an open door and they can both infect your device, as well as acquire administrator privileges.

Interestingly, the hacker can delete MMS, directly after the successful action in this way, the victim does not see any interference. Incidentally, issues related to the attacks carried out via MMS-that are the subject of numerous discussions, a lot of interesting information about the Stagefrigha popped up during this year's BlackHat Conference.



Why the user is almost unprotected? What do I do?


Eliminate vulnerabilities in the source code of the operating system is a task for the manufacturers. They have to remove bugs and provide updates for different versions of the operating systems on the users ' devices. However, it is worth noting that the patching holes in the operating system Android, not exactly solves the problem. Many vendors of mobile devices is used for different kinds of overlays, own, modify the software versions.

However, there are two ways to better protect against attacks carried out via MMS.


Tips-how to protect yourself from the vulnerability StageFright?

  • Prevent automatic loading of the MMS content in device settings
  • If possible, phone users should block messages from unknown people

Who is most at risk?


Vulnerable are all versions of Android version 2.2 up, which means that the problem is currently about 95% of the smartphones running under the Green fellows. The most vulnerable to infection are versions of the software, which preceded the versions of Jelly Bean (about 11% of all devices). In practice, however, this does not really matter, report authors admit that users at risk of smartphones may not feel safe. CERT Division of the Software Engineering Institute publishes on its website a list of affected devices.


Since when do we know about luce?


The first official information about the detection of vulnerabilities in Stagefright appeared 27 July 2015 year. Although the user nicknamed Droopyar, known in the development environment Google about its existence back in March!



What's next?


According to researchers the Stagefright engine is not the only component of the vulnerable to new type of attack. Its innovation lies in the fact that smartphones and tablets are automatically become infected without your knowledge or action. Previously the terminal owners have to perform some action. But it is already history. New kinds of attacks do not require any user interaction. Soon you can expect offensive cyber criminals using this formidable mechanism. This means that issues related to the protection of mobile devices are becoming much more important than before.


If you can draw a positive conclusion from this event?


Google provides that Nexus terminals will receive monthly security update. In addition, in the future Nexus device will receive major updates for 24 months, and security updates for 36 months (starting date sets the debut of the model on the market). However, in the event that the model will be phased out from the official sales, the buyer will receive 18 monthly support, counted from the last day of the sale.

However, unclear policy on security of mobile devices of other manufacturers, puts clients in quite a difficult situation. Time to wait for the update system or patching holes may be quite long. Such a State of affairs leads to large disparities in terms of the safety of Android users, what is provided for in 2011 year- G DATA Malware Report H1 2011.



Source: G DATA



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.