|
||||||||
Android user test, still vulnerable to Stagefight? |
![]() |
|
|
Thread Tools | Search this Thread |
|
|
#1 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
Android user test, still vulnerable to Stagefight?
I thought of this idea when the topic came up in another thread. Tell if if your Android device is still vulnerable to Stagefright.
There a few apps to choose from, but this one is very reputable, you don't have to use that one, choose your own from the store. Please check for over the air updates before posting to see if a fix is available. https://play.google.com/store/apps/d...detector&hl=en Tell us:- Make / Model of device : Are you vulnerable according to the app? Have you disabled auto receive MMS as a precaution? Bear in mind that this discovery was in July, affecting 95% of Android devices (1Billion) and that all you need to do is send a malicious MMS message, how many are now still vulnerable? |
|
|
|
|
Please sign in or register to remove this advertisement.
|
|
|
#2 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
I'll start..
Make / Model of device : LG G3 Are you vulnerable according to the app? Yes Have you disabled auto receive MMS as a precaution? Yes http://oi61.tinypic.com/29mq7ow.jpg |
|
|
|
|
|
#3 |
|
Forum Member
Join Date: Mar 2000
Location: This forum
Posts: 3,389
|
Using the same Zimperium Detector app.
Make / Model of device: Moto G 4G/LTE (1st edition) - Android 5.1 - up to date Are you vulnerable according to the app? Yes Have you disabled auto receive MMS as a precaution? Yes http://oi62.tinypic.com/21msxv7.jpg |
|
|
|
|
|
#4 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
Would be good to see some more, I'm curious which manufacturers have pushed out updates. Screenshots optional, but definitely would be good to hear what devices people have and if they are patched.
|
|
|
|
|
|
#5 |
|
Forum Member
Join Date: Sep 2007
Posts: 620
|
Make / Model of device : Nexus 6 (running Android 6.0 Marshmallow) Are you vulnerable according to the app? No Have you disabled auto receive MMS as a precaution? No http://i.imgur.com/NGA3dJT.png |
|
|
|
|
|
#6 |
|
Forum Member
Join Date: Mar 2001
Location: North West
Posts: 4,884
|
Make & Model: Samsung Galaxy S6 Edge
Are you vulnerable? Yes Have you disabled auto receive MMS as a precaution? No https://goo.gl/photos/HFXWHG7bhnkGCHB78 I have several other devices which report pretty much the same, if anything this is a fault of Google's not the device makers. Given so few people use MMS now in Europe I wonder what fuss is? |
|
|
|
|
#7 |
|
Forum Member
Join Date: Sep 2007
Posts: 620
|
Quote:
Make & Model: Samsung Galaxy S6 Edge
Are you vulnerable? Yes Have you disabled auto receive MMS as a precaution? No https://goo.gl/photos/HFXWHG7bhnkGCHB78 I have several other devices which report pretty much the same, if anything this is a fault of Google's not the device makers. Given so few people use MMS now in Europe I wonder what fuss is? |
|
|
|
|
|
#8 |
|
Forum Member
Join Date: Mar 2001
Location: North West
Posts: 4,884
|
Quote:
All someone needs to exploit this is your phone number.
I can see the potential threat, but not the actual one if you know what I mean? |
|
|
|
|
#9 |
|
Forum Member
Join Date: Dec 2003
Location: London
Posts: 1,241
|
Quote:
Would be good to see some more, I'm curious which manufacturers have pushed out updates. Screenshots optional, but definitely would be good to hear what devices people have and if they are patched.
|
|
|
|
|
|
#10 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
Quote:
Make & Model: Samsung Galaxy S6 Edge
Are you vulnerable? Yes Have you disabled auto receive MMS as a precaution? No https://goo.gl/photos/HFXWHG7bhnkGCHB78 I have several other devices which report pretty much the same, if anything this is a fault of Google's not the device makers. Given so few people use MMS now in Europe I wonder what fuss is? The other thing is that the vulnerability isn't just an MMS issue, any browser or app can take advantage of the same exploit if you visit a website with that code on. The exploit even has more permissions than you do as a normal user of the phone! The worst case scenario is a worm that infects a device and then sends MSS messages to your phone contact list and infects all of them, and then their contacts send to all theirs etc.. They can also use the exploit to make money by making your device visit ad links or use premium rate services that they earn money from, or in the long run ransomware like cryptolocker as you know many devices will never be updated. |
|
|
|
|
|
#11 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
To add that ASLR prevents this exploit from being successful in most cases, and that is a challenge which the 'bad guys' are up against, but they have successfully been able to work around ASLR after some time on other operating systems. They are always researching and working around the security protections.
One of the issues is that only 2.1% of Android devices are actually 'supported' meaning only that many will get updates for security fixes, 97.9% are abandoned or where no updates will be available anymore. If not this exploit, then the next will be used, and the issue is that you've got a device with premium rate calling functionality, always on data and usually lots of personal data too. |
|
|
|
|
|
#12 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
No one in their right mind would accept an usolivited mms video if they have already turned off auto mms receive.
The problem is, if a friends devuce has been taken over by a bot and is attempting to spread via sending videos via mms ! I never even knew mms could send videos, stupid costing being the kiss of death there. And you have to be slightly lazy/stupid to send mms picture messages too. |
|
|
|
|
|
#13 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
Quote:
No one in their right mind would accept an usolivited mms video if they have already turned off auto mms receive.
The problem is, if a friends devuce has been taken over by a bot and is attempting to spread via sending videos via mms ! Luckily it isn't being exploited in the wild yet, but I'm sure there are cyber criminals planning on it and looking at what they can do without being tracked back / caught. They have to develop code and look at how to spread it and how to monetise it and this takes quite a bit of time usually, especially for exploit kits to start being developed and sold on the black market. It might be for now that there's lower hanging fruit as is often the case with these things. As I say, if not this exploit it'll be the next. |
|
|
|
|
|
#14 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Networks are a bunch of b******s so theyaint going to send a mass text to their customers advising them to turn it off.
They could make it opt in at their end, but again that ain't ever going to happen. |
|
|
|
|
|
#15 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
Quote:
To add that ASLR prevents this exploit from being successful in most cases, and that is a challenge which the 'bad guys' are up against, but they have successfully been able to work around ASLR after some time on other operating systems. They are always researching and working around the security protections.
One of the issues is that only 2.1% of Android devices are actually 'supported' meaning only that many will get updates for security fixes, 97.9% are abandoned or where no updates will be available anymore. If not this exploit, then the next will be used, and the issue is that you've got a device with premium rate calling functionality, always on data and usually lots of personal data too. |
|
|
|
|
|
#16 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
Quote:
I was skeptical about 64 bit processors, but having one and running 64 bit code is one thing that can make it quite a challenge for malware if used together with ASLR.
I think it is early days as well, it might just be that they haven't managed to exploit it in the wild, but that right now it is being worked on as a project by cyber criminals who are writing code and developing a whole exploitation system around it. Certainly we know that this is what we see with other exploits on other platforms. In Windows we see banking sites altered as a result of malware, we see search sites swapped out to revenue earning search results, we see ransomware, we see owners unaware that their machines are part of a botnet DDOSing servers like today's attack on the UK's National Crime Agency and we see password theft for sale in batch, especially gaming passwords, on a phone there's the added bonus of premium rate calling and texting to revenue earning services. Your phone has a lot of apps, logins, passwords, contact numbers, email information and is a goldmine of information if they can successfully access that without being caught and with no need to trick the user, just craft the right kind of video file and you're away, the user either drives by the website or adverts or auto receives an MMS video. |
|
|
|
|
|
#17 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
It is still easier to have malicius apps in the various app stores, though Windows has the 10s, maybe 100s of thousands of bots out there now!
|
|
|
|
|
|
#18 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
I remember reading an article about getting past ASLR to call Windows APIs in Internet Explorer. I cannot find it, but the author demonstrated it at one of those hacking competitions where he started a local programme via a script on a web page IIRC. He didn't get past UAC, but it was still something
|
|
|
|
|
|
#19 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
Quote:
It is still easier to have malicius apps in the various app stores, though Windows has the 10s, maybe 100s of thousands of bots out there now!
This exploit has root access right into the core of the OS and it only requires a multimedia message. It has the potential to be wormable too. |
|
|
|
|
|
#20 |
|
Forum Member
Join Date: Mar 2009
Posts: 14,545
|
|
|
|
|
|
|
#21 |
|
Forum Member
Join Date: Mar 2015
Posts: 983
|
Yes LG patches started rolling out end of August.
Not quite sure what's going on with my G4, Zimperium says CVE-2015-3864 is vulnerable, but another detector says it's not vulnerable. Maybe to do with the way I flashed the kdz. OnePlus 2 was also patched a while back. |
|
|
|
![]() |
|
All times are GMT. The time now is 13:35.


