Stagefright detection: is your device safe?

Forums › Android › Stagefright detection: is your device safe?

1 | 2 | 3 | 4

1743 posts

Uber Geek
+1 received by user: 204

Trusted

#1362617 11-Aug-2015 09:42

Galaxy S6 failed 1/6
Galaxy S4 Mini failed 3/6

Kopkiwi

2617 posts

Uber Geek
+1 received by user: 258
Inactive user

#1362640 11-Aug-2015 09:58

Note 4. Failed 2 of the 6. Because why not.

I won't expect a patch from Samsung within the next 6 months.

nzkiwiman

2585 posts

Uber Geek
+1 received by user: 390

Subscriber

#1362675 11-Aug-2015 10:52

Nexus 4
Failed 3/6

Have not received the newest version of 5.1.1 yet via OTA. Not keen on flashing

edge

edge
425 posts

Ultimate Geek
+1 received by user: 42

Trusted

Lifetime subscriber

#1362711 11-Aug-2015 11:25

nzkiwiman: Nexus 4
Failed 3/6

Have not received the newest version of 5.1.1 yet via OTA. Not keen on flashing

Just FYI - my update for Nexus 4 (5.1.1 LMY48I) was waiting for me this morning, so hopefully you won't be too far away.

"It is useless to attempt to reason a man out of what he was never reasoned into."
— most commonly attributed to Jonathan Swift, author/theologian

nedkelly

666 posts

Ultimate Geek
+1 received by user: 104

Trusted

Subscriber

#1362823 11-Aug-2015 13:16

Honor 6, 3/6 failed.

mrgsm021

1538 posts

Uber Geek
+1 received by user: 310

ID Verified

Trusted

#1362873 11-Aug-2015 14:49

Based on the posts so far, it is pretty consistent with the claim that over 90% of Android smartphones are affected...

AliExpress

Shop now on AliExpress (affiliate link).

1eStar

1604 posts

Uber Geek
+1 received by user: 375

#1363002 11-Aug-2015 17:14

If you are rooted you can edit your build.prop file to disable the stage fright media player. Or you can buy an app that will do it for you.

https://play.google.com/store/apps/details?id=devnull.stagefrightpropchanger

Or [still rooted] you can uninstall your default mms handler from system and install 3rd party messaging app (textra chomp etc) that has been patched, to remove stagefright vulnerability.

The other suggested line of defence is to obfuscate your mms apn. I.E. disable mms. However it is noted that other apps can still access the stagefright media player, malicious coders could still potentially cause havoc.

My note2 is vulnerable, I'm rooted, but I feel I'm more likely to stuff up the build prop file than I am to get stage frightened. I hate mms anyway so I think I'll try disabling mms.

michaelmurfy

meow
13580 posts

Uber Geek
+1 received by user: 10911

Moderator

ID Verified

Trusted

Lifetime subscriber

#1363106 11-Aug-2015 19:05

Galaxy S5 on Cyanogenmod 12 -

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

1eStar

1604 posts

Uber Geek
+1 received by user: 375

#1363130 11-Aug-2015 19:42

After doing a bit more reading tonight it seems that even doing a build.prop modification does not change the stagefright vulnerability. The recommended interim mitigation including for unrooted phones is:

1. Disable MMS automatic download in all apps that handle SMS
2. Use Firefox and in about:config set stagefright.disabled to true.
3. Use MXplayer as your default Video handler

I found the above in this thread:

http://forum.xda-developers.com/android/help/android-mms-stagefright-exploit-t3166457/post62197171#post62197171

lNomNoml

1842 posts

Uber Geek
+1 received by user: 521

ID Verified

#1363232 11-Aug-2015 21:57

OnePlus One 6/6

freitasm

BDFL - Memuneh
80653 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1363236 11-Aug-2015 22:04

1eStar: If you are rooted you can edit your build.prop file to disable the stage fright media player. Or you can buy an app that will do it for you.

https://play.google.com/store/apps/details?id=devnull.stagefrightpropchanger

Or [still rooted] you can uninstall your default mms handler from system and install 3rd party messaging app (textra chomp etc) that has been patched, to remove stagefright vulnerability.

The other suggested line of defence is to obfuscate your mms apn. I.E. disable mms. However it is noted that other apps can still access the stagefright media player, malicious coders could still potentially cause havoc.

My note2 is vulnerable, I'm rooted, but I feel I'm more likely to stuff up the build prop file than I am to get stage frightened. I hate mms anyway so I think I'll try disabling mms.

Somehow I think this would still leave about 900 million devices behind - not everyone uses root...

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Lego

Shop now for Lego sets and other gifts (affiliate link).

old3eyes

9158 posts

Uber Geek
+1 received by user: 1364

Subscriber

#1363400 12-Aug-2015 08:40

lNomNoml: OnePlus One 6/6

6 / 6 failed or passed??

Regards,

Old3eyes

Dairyxox

1595 posts

Uber Geek
+1 received by user: 455

#1363430 12-Aug-2015 09:30

Existing topic here, beat you by about two weeks. Android has developed Stagefright

Almost everything cellular & Android is vulnerable at the moment.

More interesting: Has anyone seen an infected device, or know someones who has?

I've been disabling auto mms retrieval in devices around the company, but its not really a fix, if someone chooses to download the message then its still borked.

This is certainly damning for androids security update model (Almost no updates from some vendors - c'mon Huawei).

I'm still waiting on Lollipop for my Spark 4G Galaxy Tab S, let alone the Stagefright Fix.

markl

348 posts

Ultimate Geek
+1 received by user: 83

#1363490 12-Aug-2015 10:20

old3eyes:
lNomNoml: OnePlus One 6/6

6 / 6 failed or passed??

LOL, and what version and OS are you running on your OnePlus? I'm on the last OTA of CyanogenOS 12 and I only pass 3/6...

mdf

3566 posts

Uber Geek
+1 received by user: 1519

Trusted

#1363499 12-Aug-2015 10:35

So I got the notification that a new update was available (Nexus 5, Lollipop 5.1.1). Tried to install it and got a fatal error message (the wee android guy lying on his back with his chest open and a red triangle exclamation mark thing). I have unlocked the bootloader and rooted, but that hasn't stopped OTA updates previously. Now when I check for updates it tells me I'm up to date, but using the Stagefright checker still shows the same vulnerabilities.

I found a couple of references to similar errors with the Nexus 6, but nothing about the 5 or how to fix. These other threads refer to being able to try and install multiple times though, which I can't seem to do.

Anyone else experienced anything similar?

Does anyone know if you reflash manually you can just get the incremental updates, or does it have to be a fresh/clean install? I could do without setting everything up again.

1 | 2 | 3 | 4