How To: Find out if your Android device is vulnerable to the Stagefright exploit

Avatar

0
1020

Right now, the Stagefright bug is likely the most important known vulnerability of the Android OS. Don’t think it’s easy to exploit this bug though – there’s a huge leap from merely existing to turning it into a working hack.

However, it’s not impossible, and while Android devices running Ice Cream Sandwich (4.0) or higher had several exploit mitigation technologies implemented that make it way harder to exploit bugs (according to Adrian Ludwig, Android’s lead security engineer), the story is different for older devices.

We recently analyzed some of the things you can do to protect your device against Stagefright, and to sum it up, it all comes down to disabling MMS auto retrieve within your default messaging app, the function that when turned on, makes your phone automatically download any received MMS through which the malicious code (if present) can execute itself.

Still, the only thing that offers full protection are the security patches as provided by Google. With auto retrieve turned off, the MMS won’t download automatically, but your device could still get infected if you choose to download the media yourself.

Zimperium, the cybersecurity firm that discovered the Stagefright exploit through its researcher Joshua Drake, released an interesting app just a few hours ago. It’s called Stagefright Detector App and it’s not hard to guess what it does, but I’ll explain it anyway (just to avoid any confusion).

Not that I would want to cause panic, but Zimperium has also published a Stagefright demo showing the exploit in action.

How the Stagefright Detector App works

Stagefright Detector - Google Play

The app is as straightforward as it gets. Simply install it from the Play Store, open it and tap on the ‘Begin Analysis’ option. It will then test for CVE identifiers of the patches released by Google. If your device doesn’t have them, the analysis result will say that it’s vulnerable. No surprise here.

Stagefright Detector App

But as long as your Android device is running 2.2 or higher, then you already know its vulnerable. So how is Stagefright Detector App useful? Perhaps the single, but definitely important purpose of the app is to find out whether your device received the security patches or not.

Nevertheless, the app cannot tell if your device is infected, only if it’s vulnerable. Other than presenting you with the analysis result, the Stagefright Detector App doesn’t do anything, besides a way to contact Zimperium – perhaps they are gathering statistics on which phones are still vulnerable. A few days ago they launched the Zimperium Handset Alliance, an initiative through which the company plans to collaborate with all interested mobile carriers and device manufacturers to speed up the availability of security updates. It makes sense that collecting data on vulnerable devices can be useful in this situation.

How to tell if your device is actually infected by a Stagefright exploit

As much as I would like one, there’s no app for that, at least not yet. For the end user there will always be some signs that could be attributed to malware being present on your phone. These include:

  • unusual battery drain (for no apparent reason)
  • higher data usage
  • phone heating up while idle
  • system instability – like random reboots, crashes and shutdown delay
  • slow and/or laggy OS
  • suspicious files and folders that have been recently created

among others. Many of these ‘symptoms’ can happen for other reasons than malware infection, but in this case the changes should be sudden, not gradual like when your phone is getting older and doesn’t work as well as new.

Also, none of these signs can point to a specific exploit so you can’t be 100% sure it Stagefright or something else. An alarming clue would be a received MMS from an unknown sender that downloaded itself (if you have the auto retrieve option enabled) or that you downloaded manually.

The truth is a Stagefright exploit could work in devious ways. Infect a device then send an apparently harmless MMS from there, to one of the contacts and infect another device. So you can’t just wait for a suspicious MMS from someone you don’t know, because it may very well come from a colleague, friend, or other people you know.

How to actually keep your phone safe from Stagefright

Forget MMS ever existed

Disabling MMS auto-retrieve is hardly enough. At this point, it would be best to just forget about MMS completely and delete any such messages you receive. If it’s from someone you know, you can tell them they can send the media file to you via email or a chat app like WhatsApp (isn’t this how it should be done anyway? Is anyone still using MMS these days?). It’s also a great way to find out if they actually sent the message themselves and not some exploit actively working in the background.

…While you wait for the patches

Companies like HTC and Samsung are already working on patches for their Android devices and Google released a security update for Nexus devices yesterday (which include the fixes for the Stagefright library) for Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player. If you’re the lucky owner of one of these devices, then it’s probably patched against the Stagefright exploit. Still can’t hurt to run the Stagefright Detector App just to be sure.

Install CyanogenMod

The usual problem with Android smartphones is older devices are usually ignored when it comes to OS and security updates. If you have a phone that’s 18 months old or more, the chances of it actually getting new security patches are slim to none.

The only way of getting these (and future) security patches is to install a custom ROM that’s still actively developed. CyanogenMod 12.0 and 12.1 nightlies are already patched (and probably CM11 by now). According to this XDA thread XenonHD should have them as well – if you’re using this ROM could you test it with the Stagefright Detector App and let us know if it’s safe from the bug?

Are you running any other custom ROM (or know of one) that’s been patched against the Stagefright exploit? Tell us in the comments section, and we’ll be happy to update this post!

Don’t forget to check out our Android guides section for more handy tips, tricks and how tos and don’t forget to follow us on Facebook, Twitter, Pinterest and Google+ to receive our latest news and apps & games reviews for Android, iOS and Windows Phone !