Android Spying
-
vileliquid1026
- Posts: 1178
- Joined: Thu May 03, 2007 4:48 pm
Android Spying
Has anyone heard about a new Android spyware called 'Stage Freight'? I figured if anyone knew it was you folks.
[i]Be sure your sin will find you out...[/i]
Re: Android Spying
Never heard of it, but 1 minute of googling tells me it works by receiving a MMS.
Don't think i've ever received one of those seeing as they were practically outdated by the time they were invented, so yeah, not too worried.
Don't think i've ever received one of those seeing as they were practically outdated by the time they were invented, so yeah, not too worried.
[size=85][color=#0080BF]io chiamo pinguini![/color][/size]
Re: Android Spying
Ok, lol, I'll spill.
It's actually called "Stagefright" and it's not spyware but the name of an Android library that is used to (among other things) draw previews of media items in the notification area. There is a bug in this library that allows an attacker to send harmful content disguised as an image to a victim. One way of delivering such a payload is through MMS, but that's not the only way (I believe WhatsApp is susceptible to such attacks as well). Once deployed, the payload can, without user interaction, grant the attacker access to certain parts of Android that normally would be off limits.
The bug has been fixed some time ago in Android, but the real problem is that very few handset manufacturers roll out updates to fix such problems. Therefore it's very well possible that your phone is still vulnerable to such attacks.
You can use the Zimperium Stagefright detector to determine if your phone is vulnerable to attacks. If so, it could be wise to disable MMS and disable automatic media downloads in apps such as WhatsApp, Google Hangouts or other applications that can receive media items from strangers.
It's actually called "Stagefright" and it's not spyware but the name of an Android library that is used to (among other things) draw previews of media items in the notification area. There is a bug in this library that allows an attacker to send harmful content disguised as an image to a victim. One way of delivering such a payload is through MMS, but that's not the only way (I believe WhatsApp is susceptible to such attacks as well). Once deployed, the payload can, without user interaction, grant the attacker access to certain parts of Android that normally would be off limits.
The bug has been fixed some time ago in Android, but the real problem is that very few handset manufacturers roll out updates to fix such problems. Therefore it's very well possible that your phone is still vulnerable to such attacks.
You can use the Zimperium Stagefright detector to determine if your phone is vulnerable to attacks. If so, it could be wise to disable MMS and disable automatic media downloads in apps such as WhatsApp, Google Hangouts or other applications that can receive media items from strangers.
Re: Android Spying
Cheers man. I appear to be vulnerable! 
Disabled auto media downloads in whatsapp, don't think i have any other stuff that can auto download things from strangers.
Disabled auto media downloads in whatsapp, don't think i have any other stuff that can auto download things from strangers.
[size=85][color=#0080BF]io chiamo pinguini![/color][/size]
Re: Android Spying
Note that Stagefright consists of several issues identified as individual CVE's. These CVE's are displayed by Zimperium's testing tool. CVE-2015-6602 and CVE-2015-3876 were added to the detector at a later stage. Stagefright contained a similar bug for both images and audio files. Initially only the bug for images was identified and patched in Android and only at a later time the audio exploit was fixed. So if the aforementioned CVE's are the only ones in red, then your phone did receive the update to fix the problem with images but not with audio files. There's a good chance your phone will receive a fix for the audio problem as well then.
Re: Android Spying
My phone's vulnerable but I'm really not bothered. I think the chances of actually getting hit by this are pretty slim anyway 
.
.
Re: Android Spying
"chances are pretty anyway"
weeell, maybe pretty so
weeell, maybe pretty so
Re: Android Spying
Ninja mod edit completed .
.