cancel
Showing results for 
Search instead for 
Did you mean: 

Stagefright Attack

Steve
Seasoned Pro
Posts: 6,853
Thanks: 336
Registered: ‎13-07-2009

Stagefright Attack

It takes only a single text message to hack an Android Smartphone.
Quote
Stagefright attack, the Mother of all Android Vulnerabilities puts 950 million smartphones at risk
Over 95 percent of Android smartphones in circulation or roughly 950 million smartphones may be vulnerable to a unique but critical hack attack called Stagefright.

I will sleep better tonight  Grin  http://www.techworm.net/2015/07/stagefright-attack-it-takes-only-a-single-text-message-to-hack-an-an...
If life gives you lemons, make lemonade.
14 REPLIES 14
dvorak
Moderator
Moderator
Posts: 29,473
Thanks: 6,623
Fixes: 1,482
Registered: ‎11-01-2008

Re: Stagefright Attack

it only takes an MMS not a text message.. and just switch off pre-fetching of mms and you're pretty much ok.
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
chrcoluk
Grafter
Posts: 1,990
Thanks: 5
Registered: ‎11-12-2013

Re: Stagefright Attack

has been patched in chompsms, which raises another point.
If you stuck on an old version of android meaning the stock sms app will remain vulnerable, using something like chompsms that has patched it should bypass the issue.
AWB70
Aspiring Pro
Posts: 1,197
Thanks: 20
Fixes: 3
Registered: ‎28-08-2007

Re: Stagefright Attack

Blackberry are releasing the Priv this November, their first go at an android device
http://blogs.blackberry.com/2015/10/heres-what-people-are-saying-about-priv-by-blackberry/
Supposedly it combines BlackBerry security with android app availability, something they have struggled with previously. Not sure how that will pan out. The biggest malware on the device is Google play services itself which everyone agrees to when they set up the device.
chenks76
All Star
Posts: 3,274
Thanks: 338
Fixes: 12
Registered: ‎24-10-2013

Re: Stagefright Attack

Google Play Services is not Malware.
Not sure how you can even claim something as absurd as that.
AWB70
Aspiring Pro
Posts: 1,197
Thanks: 20
Fixes: 3
Registered: ‎28-08-2007

Re: Stagefright Attack

Grin was probably exaggerating a tad. But anything that makes you give access to your personal data in return for playing a free game or app is to be frowned upon in my eyes. Like someone at Apple once said, rough quote so don't be holding me to it. With other phones you own the product, with android you are the product.
chenks76
All Star
Posts: 3,274
Thanks: 338
Fixes: 12
Registered: ‎24-10-2013

Re: Stagefright Attack

surely that's the game (and developer) at fault then for asking to access such data.
oh and apple, the iphone/ipad is simply a tool to get you to you buy content from them via their various "stores", if you think it's anything other than that then the word delusion springs to mind.
i'm not saying android is perfect, but people need to seriously drop this "apple is the innocent" pretence.
disclaimer - both apple and android user.
AWB70
Aspiring Pro
Posts: 1,197
Thanks: 20
Fixes: 3
Registered: ‎28-08-2007

Re: Stagefright Attack

Another disclaimer. I have neither, BlackBerry man through and through and have been for many years although I do have any gods amount of apple products but they're my wife and daughters.
Not having a troll at droid users BTW, my understanding is that to get in Google play store your app has to meet certain criteria a lot of which involves Google play services. You either allow it or not use the app, no choice. Droid users waved that right with a disclaimer when they set up the phone. Although they are working on it I believe, they also have little control over which apps are upto no good in the store.
What you end up with is an unsecured device which contains your browsing habits, files, location, bank details, contacts  then allow apps to have a little browse through your phone every now and again. Googles business model is to take whatever details they can find about you and use this information to sell on for profit to other parties.
It wasn't that long ago someone hacked an android device and found the finger print scanner information was kept in a unencrypted text file. Imagine having something has important as biometrics kept insecure then allowing an app to look at them files. You can see where that's heading.
Essentially like I said, with Google you are their product, that's how they make there money and are quite open about it. Doesn't bother me that much, I would have a droid if needs be but if you look at all the malware that does come out its predominantly for android because the os is fundamentally flawed. 
chenks76
All Star
Posts: 3,274
Thanks: 338
Fixes: 12
Registered: ‎24-10-2013

Re: Stagefright Attack

Quote from: AverageWhiteBloke
It wasn't that long ago someone hacked an android device and found the finger print scanner information was kept in a unencrypted text file. Imagine having something has important as biometrics kept insecure then allowing an app to look at them files. You can see where that's heading.

that'll be a propriety samsung app then?, as it's only been samsung devices that had fingerprint scanners until a few weeks go, and up until Marshmallow android didn't support native fingerprint.
that's not an android issue but more an issue with the samsung fingerprint app.
AWB70
Aspiring Pro
Posts: 1,197
Thanks: 20
Fixes: 3
Registered: ‎28-08-2007

Re: Stagefright Attack

chenks76
All Star
Posts: 3,274
Thanks: 338
Fixes: 12
Registered: ‎24-10-2013

Re: Stagefright Attack

yeah HTC propriety software.
that's not an android fail, that's an HTC fail.
VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Stagefright Attack

I don't use a mobile.
So I'm bullet-proof. Grin

"In The Beginning Was The Word, And The Word Was Aardvark."

AWB70
Aspiring Pro
Posts: 1,197
Thanks: 20
Fixes: 3
Registered: ‎28-08-2007

Re: Stagefright Attack

It's the fact that the information could be accessed in the first place. Android was built insecure from the off then went on to build on the same os regardless. Google doesn't give a monkeys cuss about your privacy. In fact the more information they can gleen the better because that's what they do for a living. As long as people know this that's fine but often they don't. 
They have however been forced into and the priv I mentioned earlier is the first product of that nature. Google have partnered with BlackBerry to try and achieve this. Samsung has also partnered with BlackBerry with the knox project for similar ends. It's a pity people didn't realise that in the first place.
The black phone, which was android and tried to fill a gap in the market when they thought BlackBerry was going bust was hacked within 48 hours of release. For me I'll just stick with my BlackBerry running its own BB10 software and leave these afore mentioned vulnerability to the people who want lots of free apps from un verified sources. 
chenks76
All Star
Posts: 3,274
Thanks: 338
Fixes: 12
Registered: ‎24-10-2013

Re: Stagefright Attack

Blackberry needs Google/Samsung more than Google/Samsung needs Blackberry;
This is Blackberrys last throw of the dice before they shut up shop.
It'll fail though, the Blackberry brand is toxic now.
AWB70
Aspiring Pro
Posts: 1,197
Thanks: 20
Fixes: 3
Registered: ‎28-08-2007

Re: Stagefright Attack

I agree on the mobile device hardware side of the business. BlackBerry has and is moving towards being a software company. Connecting things securely like power stations, hospitals, airports. The qnx system they own is one of the more robust and secure you can get. They even put the software into a lot of cars. Last throw of the device for phones maybe but looking at some of the companies they have recently bought out I don't think it's their main business right now. 
The bis service where data from your phone was compressed and encrypted was the start of the problem. Sales people couldn't make commission on it because you paid directly to BlackBerry. They steered you away in the store. This left BlackBerry with tons of unsold inventory. Now if you want a BlackBerry you generally buy direct from them or resellers so they have better control over supply and demand. Not unusual these days to have to wait for a phone. Bis is now Bes and BlackBerry have started byod (bring your own device) where apples and android devices are being managed in the work place.
As this post clearly points out with stage fright consumers and enterprise users are clearly more aware with the amount of confidential information stored on devices these days that something needs done. BlackBerry are probably the best people  to do it so it's mutually beneficial to all parties. BlackBerry couldn't get developers to make apps for the BlackBerry eco system because of the stringent rules and obviously market share. App Devs build for the biggest audience wanting a quick ROI. And so on and so forth. Building the priv solves googles security issues and BlackBerry lack of apps.
Having said that with android running sandboxed built into bb10, the amazon appstore built in a snap which gives BlackBerry access to googl play I haven't came across an app I couldn't use yet. Other than ones requiring Google services although there are workarounds.
Not that I'm bothered. I'm not an app guy, my philosophy is tools not toys. I don't think you've heard the last from BlackBerry yet.