Thursday, August 06, 2015

HOWTO : Stagefright Vulnerabilities Detection and Protection on Android

What is Stagefright vulnerabilities in Android?

Android devices running Android versions 2.2 through 5.1.1_r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device.

Detection

To test your Andorid if it is vulnerable to Stagefright vulnerabilities, you can use the following Apps by Zimperium INC.

Google Play - Stagefright Detector by Zimperium INC

Protection

It is recommended to update/upgrade your Android ROM to non-vulnerable version. If your vendors do not release any update/upgrade, you can perform the following steps for a workaround.

Workaround to protect your Android device

Remarks

I confirmed that CyanogenMod 12.1 Nightly for OnePlus One is fixed the Stagefright vulnerabilities by using Google Play - Stagefright Detector by Zimperium INC while OnePlus One v5.0.2 (Cyanogen OS version 12.0-YNG1TAS2I3) and Google Nexus 5 v5.1.1 (Build number LMY48B) are still vulnerable to Stagefright vulnerabilities at the time of this writing.

It is also confirmed that CyanogenMod 12.0 and 12.1 are fixed for the vulnerabilities. Or, you may consider to flash CyanogenMod ROM if your devices are supported.

If you have OnePlus One, you can follow this guide to update/upgrade your OnePlus One.

That's all! See you.