Stage fright - the myths vs the facts

Discussion in 'tech' started by Lain, 4 May 2016.

  1. Lain

    Lain End of line. #resist
    Sneaky

    This thread aims to address the Stage fright issue for Android users and is a direct response to the unnerving things I have been reading and hearing even in tech circles.

    Stage fright is an Android component that is needed for Android to function.

    If you have a device that is not patched, or is not patchable, you can mitigate the issue but ultimately cannot fully abate the issue if you still intend to use said device for a phone/MMS tool.

    This tool here, can help you check to see if your device(s) are vulnerable.

    If you have a vulnerable device you can A) update the device with a carrier or manufacturer provided firmware, B) root the device and install a non-supported firmware that has been patched, C) decommission the device as a phone/MMS device.

    Stage fright issues can be mitigated by disabling the autofetch for your MMS. This is only effective until you fetch the malformed MMS.

    You can move to Firefox which disables stage fright operation by default, this is verified by typing 'about:config' in the address bar and searching for stage fright.

    Buying a brand new phone does not mean you are protected, as proof I bought two phones last week, an LG and an Acatel, both are vulnerable with no carrier or manufacturer updates ( which is fine for their purpose but makes my point).

    Using the broken stage fright, a device can be infected and cleaned up with no notification to the end user and little evidence behind.

    Mass text messages sent to random phone numbers can yield scary results. Please do your best to protect yourself.
     
  2. Govi

    Govi Ça va chier.
    Bitchy

    Stage fright?
     
  3. Lain

    Lain End of line. #resist
    Sneaky

    Stagefright, for some reason my autocorrect keeps separating the words, is an Android component responsible for prefetching media content for display by the system.

    Some researchers blew a hole in it, and the short version is that any user who is on a device with a vulnerable revision of stagefright is at risk of being exploited in a seriously aggregious way, with little or no protection.

    Anyone using a Nexus device that is applying their updates properly will not be affected. Most Android 5.1 phones I have come across are patched.

    Older versions of Android are at the most risk, especially if you are using an off-brand device or a carrier that is negligent in pushing updates.

    Of course they would prefer to sell you an updated handset, so unless you are using a flagship product and/or a responsible carrier you are most likely fending for yourself.

    I have purchased four handsets in the last month. Two were patched and safe, two were not. The two safe handsets were AT&T and running Android 5.1. The unsafe handsets were an Acatel from Tracphone, and an LG from Net10. Running Android 4.4 and 4.1 respectively.
     
    • Like Like x 1
  4. Kita

    Kita Should Update Title

    I am on... 4.4, I believe. I am holding out for the Note 6. Long overdue for an upgrade.

    Definitely picking up that app, thanks! I have lookout running and lock down what I can already, but some dick got a hold of my number a few months ago, and it has ended up on every type of spam list you can think of. Getting multiple spam calls of every type a day. Double checked the Do Not Call list, and yup, still on there. It has been on there for over 10 years, since they first started it really. I am using Mr. Number to automatically block and it works fairly well. It compares the number against online repositories to check for spam potential, then blocks if it has a high spam score. It sends me a notice when it does so. It is never wrong when something is spam, though it has missed a few numbers because they are new. It also sometimes still lets the phone ring a couple times before it drops the call, I am assuming because there was a delay checking the number for some reason. Or it is my phone, which bis completely bogged down from years of crap accumulating.
     

Share This Page