Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsAndroidStagefright detection: is your device safe?
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
nzkiwiman
2585 posts

Uber Geek

Subscriber

  #1363626 12-Aug-2015 13:24
Send private message

1eStar: After doing a bit more reading tonight it seems that even doing a build.prop modification does not change the stagefright vulnerability. The recommended interim mitigation including for unrooted phones is:

1. Disable MMS automatic download in all apps that handle SMS
2. Use Firefox and in about:config set stagefright.disabled to true.
3. Use MXplayer as your default Video handler

I found the above in this thread:

http://forum.xda-developers.com/android/help/android-mms-stagefright-exploit-t3166457/post62197171#post62197171


^ Hell no!
I won't go anywhere NEAR that player on my phone - sucks the battery dry after watching a 22 minute video while the stock player on Nexus 4 (5.1.1) hardly touches the battery.



andrew027
1286 posts

Uber Geek


  #1363670 12-Aug-2015 13:59
Send private message

HTC One (M7) running 5.0.2 failed, 3/6.

gzt

gzt
17111 posts

Uber Geek

Lifetime subscriber

  #1373271 24-Aug-2015 17:46
Send private message

Motorola released patch on the 10th. Awaiting carrier testing and deployment.

https://motorola-global-portal.custhelp.com/app/answers/prod_answer_detail/a_id/106654



michaelmurfy
meow
13242 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1373366 24-Aug-2015 21:20
Send private message

Annnd...

Oneplus Two:




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

nzkiwiman
2585 posts

Uber Geek

Subscriber

  #1373925 25-Aug-2015 15:11
Send private message

nzkiwiman: Nexus 4
Failed 3/6

Have not received the newest version of 5.1.1 yet via OTA. Not keen on flashing 

 

Got the OTA update on 21/8, installed with no issues

Beddhist
57 posts

Master Geek


  #1377643 1-Sep-2015 11:29
Send private message

Galaxy S Mini GT I8190N: vulnerable
Galaxy S GT I-9000: most of the check apps will either not install or not run. (I guess at age 3 it's considered obsolete.) Vulnerable.

I have written to Vodafone asking when we can expect fixes and in the mean time have disabled MMS (don't use it anyway).

Regards,
Peter.

muppet
2568 posts

Uber Geek

Trusted

  #1377647 1-Sep-2015 11:38
Send private message

mdf: So I got the notification that a new update was available (Nexus 5, Lollipop 5.1.1). Tried to install it and got a fatal error message (the wee android guy lying on his back with his chest open and a red triangle exclamation mark thing). I have unlocked the bootloader and rooted, but that hasn't stopped OTA updates previously. Now when I check for updates it tells me I'm up to date, but using the Stagefright checker still shows the same vulnerabilities.

I found a couple of references to similar errors with the Nexus 6, but nothing about the 5 or how to fix. These other threads refer to being able to try and install multiple times though, which I can't seem to do.

Anyone else experienced anything similar? 

Does anyone know if you reflash manually you can just get the incremental updates, or does it have to be a fresh/clean install? I could do without setting everything up again.


Late to the party - you probably have this WAY figured out by now,  but you can't install OTA's if you're rooted now.

I believe you can just flash the latest system.img from the factory builds page though to work around this, because you have unlocked your bootloader so it should be simple.

 
 
 
 

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).
throbb
675 posts

Ultimate Geek


  #1381295 7-Sep-2015 18:47
Send private message

My 2degress HTC M8 just had an update. Not vulnerable anymore

Beddhist
57 posts

Master Geek


  #1381308 7-Sep-2015 19:13
Send private message

Beddhist: Galaxy S Mini GT I8190N: vulnerable
Galaxy S GT I-9000: most of the check apps will either not install or not run. (I guess at age 3 it's considered obsolete.) Vulnerable.

I have written to Vodafone asking when we can expect fixes and in the mean time have disabled MMS (don't use it anyway).


Reply from Vodafone:

Thank you very much for raising this with us. We are aware of the theoretical Stagefright vulnerability and are working with our handset suppliers on a plan to address it for Vodafone customers.   The security of Vodafone customers is our highest priority, but it is important to note that Stagefright was identified by a security researcher, who has not published the details, and there are no indications of actual attacks on Android OS users exploiting this vulnerability.  
At the moment, Vodafone do have a Vodafone Secure Device Manager product that gives our customers the visibility of their fleet, and the ability to better manage devices, which could mitigate some of these risks.


No comment.

While not waiting for them I have disabled MMS reception, so I believe our phones are no longer vulnerable. I believe our carriers should take responsibility here and communicate with us, perhaps even giving us the option to turn off MMS at their end. But they won't, because they earn on every MMS sent.

Regards,
Peter.

freitasm

BDFL - Memuneh
79263 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1381329 7-Sep-2015 19:45
Send private message

You don't need to turn off MMS - just turn off automatic download, and then download only the ones from people you know.

On another hand, wife's HTC One M8 from Spark just downloading update.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

Beddhist
57 posts

Master Geek


  #1381343 7-Sep-2015 20:10
Send private message

Yes, that's what I meant: I turned of automatic reception. The tricky part with our older Android version is that none of the instructions I found to show/set default apps actually work. I had to work by deduction, i.e. which apps had already received MMS.

I never ever use MMS anyway, so if I wanted to get radical I would delete the MMS gateway and that would be the end of it.

MartinGZ
359 posts

Ultimate Geek

Subscriber

  #1388031 15-Sep-2015 17:05
Send private message

LG G4 H815T Aus version of the phone. All Zimperium tests pass after recent OTA software update version 10h dated 25 Aug 2015. Version 10f did not pass the test (2 fails).




Nokia 6110, 6210, 6234, Sony Ericsson XPERIA X1, Huawei Ideos X5 (Windows Mobile), Samsung Galaxy SIII, LG G4, OnePlus 5, iPhone Xs Max (briefly), S21 Ultra. And I thought I hadn't had many phones - but the first one around 1997.

ilovemusic
1439 posts

Uber Geek


  #1389322 17-Sep-2015 21:32
Send private message

nz nexus 5 ota updated this morning to android 5.1.1. build LMY48M

passed all tests

yah !

StructureDr
77 posts

Master Geek


  #1391713 22-Sep-2015 10:42
Send private message

LG G2 was recently upgraded to 5.0.2 v30b-sea - now passes all tests.  Previous version (v30a) failed most - 5/6 or something like that.

jonathan18
7413 posts

Uber Geek

ID Verified
Trusted

  #1391728 22-Sep-2015 11:00
Send private message

StructureDr: LG G2 was recently upgraded to 5.0.2 v30b-sea - now passes all tests.  Previous version (v30a) failed most - 5/6 or something like that.


Similarly G3 and G4 models have received an upgrade and now pass all tests - good to see LG's been relatively quick to sort this out. How are other brands doing with this thus far?

1 | 2 | 3 | 4
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright