Stagefright is a critical Android vulnerability that attackers can exploit using specifically prepared Multimedia Messaging Service messages (MMS).
What makes the vulnerability particularly troublesome is that it can be exploited passively on devices. All that it takes is to sent a prepared MMS to a device running Android to get system or media privileges on it.
Since it is possible to delete the MMS after it has been processed by the device and before the user had a chance to open it, it may go by completely undetected.
Considering how updates are deployed on Android, it make take weeks, months or even longer than that before devices are updated with patches for the vulnerability.
We have published a guide that explains how to protect your Android device from attacks regardless of patch status. To sum it up, all you need to do is disable the automatic retrieval of MMS on the device which most messaging apps support.
If you are unsure whether your device is affected by the issue you may use the Stagefright Detector App to find out about that.
To use the application download it from Google Play and start it afterwards. A click on the "begin analysis" button runs the vulnerability scan which should not take longer than a couple of seconds.
The result is displayed on the same page then so that you know whether your device is vulnerable or not.
The app may also point out that an operating system upgrade is needed to protect it from the vulnerability.
The Stagefright Detector App checks for the vulnerability but does not take into account the messaging settings. This means that it will conclude that your device is vulnerable to the Stagefright vulnerability even if you have disabled the automatic retrieval of MMS on it.
If you want to see Stagefright in action, watch the following exploit demo:
Now You: Is your device affected by Stagefright?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.