StageFright Exploit Awareness : What You Need to Know

Standard

Screen-Shot-2015-07-27-at-10.32.45-1940x1271

Do you think sending and receiving video text is risk free? Believe it or not, it is now as easy as getting a common computer virus. There is a new exploit called ‘stagefright’ that is sent via video within a text message. The virus uses the android process named ‘libStageFright’ (which is built into every android device) to steal information. Android Central states, “the gist is that a video sent via MMS (text message) could be theoretically used as an avenue of attack through the libStageFright mechanism (thus the “Stagefright” name), which helps Android process video files. Many text messaging apps — Google’s Hangouts app was specifically mentioned — automatically process that video so it’s ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it.”

Since it is exploiting a function on the device, a high number of android devices are vulnerable, but for the most part, there is a built in defense on about 95 percent of all devices as long as they are using Android Version 4.0 or higher. This protection is called ‘Address Space Layout Randomization’ and allows for software to not store its data in the same places so finding data is random. This is not a perfect fix, but does help.

Some good news is that this was not discovered by hackers so many are not exploiting it. Many large cell phone providers, such as HTC, Motorola, and Google, are working to release patches and updates to fix this vulnerability.  There are also a few free detector apps that are available on Google Play that help detect vulnerabilities. You can install the StageFright Detector App here.

If you have any questions about virus vulnerabilities, give Everon a call at 888-244-1748. We’re happy to help!