Scary Vulnerability: One Text Can Hack 95% of Android Phones

I'm curious if this could be accomplished via email as well.
 
Scary indeed. Nowadays, it's kinda difficult to have that sense of security like the good old days. I guess this is the price we had to pay that comes with the advancement of technology
 
Jonny Kansas said:
From what I read, I believe it said that this is based on how android handles media in MMS messages.
Click to expand...

So does email handle media files differently? You would think they hook into the same framework as the MMS does.
 
Ollie said:
So does email handle media files differently? You would think they hook into the same framework as the MMS does.
Click to expand...
According to Lookout...

Any number of applications can process MMS content and thereby receive exploits, but devices using Google Hangouts for this purpose may be most at risk since a victim may not even need to open the message in Hangouts for an attacker to take control of their device. In all other hypothetical attacks it appears a victim needs to open their default SMS messaging app and the message thread itself for the exploit to work (although the media file does not necessarily need to be played within the app).

Based on Lookout’s own Stagefright research over the last 24 hours it also appears that multimedia viewed in a browser (e.g. a web video) could be used to deliver a Stagefright attack.

Read more: What you need to know about the new Android vulnerability, “Stagefright” (What you need to know about the new Android vulnerability Stagefright Lookout Blog
 
Ollie said:
The memory over flow is a separate exploit released yesterday evening. It isn't StageFright.
Click to expand...
Yeah. I was wrong. Oh well. I'm still not disabling anything on my phone.
If I get hijacked before a cure is provided I'll be sure to post my ordeal here!
 
Miklb58 said:
How are we to know when the problem has been fixed?

Sent from my Verizon Galaxy Note4 using Tapatalk
Click to expand...
Textra update I got this morning says it's fixed now on their app

Support Our Troops !!!
<><
Beast Mode 4
 
mountainbikermark said:
Textra update I got this morning says it's fixed now on their app

Support Our Troops !!!
<><
Beast Mode 4
Click to expand...
Bold claim. Wondering what they did to fix it...

The vulnerability is fixed, or they added an option to not auto-retrieve MMS?
 
Jonny Kansas said:
Bold claim. Wondering what they did to fix it...

The vulnerability is fixed, or they added an option to not auto-retrieve MMS?
Click to expand...
2f9df5f6394badf17f6b1443977b8b0b.jpg

129a3cd9415d2a45409321e7b7b8eeaa.jpg


Support Our Troops !!!
<><
Beast Mode 4
 
I find it suspect that they released the very same feature that I requested a few days ago. It is suspect because they told me that simply turning off auto downloading wasn't enough to protect yourself from StageFright.

And I quote (from my response email):

"P.S In other apps, turning off auto-retrieve is NOT enough as once you tap 'download' the exploit becomes active. Additionally you would not get any MMS pics or group messages. Not a good solution."

Maybe they threw that in their because I mentioned I would have to switch back to Messenger in the mean time?
 
Ollie said:
I find it suspect that they released the very same feature that I requested a few days ago. It is suspect because they told me that simply turning off auto downloading wasn't enough to protect yourself from StageFright.

And I quote (from my response email):

"P.S In other apps, turning off auto-retrieve is NOT enough as once you tap 'download' the exploit becomes active. Additionally you would not get any MMS pics or group messages. Not a good solution."

Maybe they threw that in their because I mentioned I would have to switch back to Messenger in the mean time?
Click to expand...
Well, they're technically right. If you download a message that wasn't downloaded by auto-retrieve and it's got the necessary code/command/whatever for the exploit, you're SOL.

I'm assuming that they've added some code to block whatever the trigger is so that you can still get MMS and group messages without having to worry. If that's truly the case, that's a better fix than turning off Auto-Retrieve.
 
Jonny Kansas said:
Well, they're technically right. If you download a message that wasn't downloaded by auto-retrieve and it's got the necessary code/command/whatever for the exploit, you're SOL.

I'm assuming that they've added some code to block whatever the trigger is so that you can still get MMS and group messages without having to worry. If that's truly the case, that's a better fix than turning off Auto-Retrieve.
Click to expand...

It looks like they just added a feature that other text apps have. They can't fix the exploit...just hinder the path the exploit needs to take so their update is putting them on par with other apps. I just found it to be funny.
 
Ollie said:
It looks like they just added a feature that other text apps have. They can't fix the exploit...just hinder the path the exploit needs to take so their update is putting them on par with other apps. I just found it to be funny.
Click to expand...
I'm fine with that until Google does its part, pushes it to Samsung, who will find a way to add bloat to it and take forever to do so then push it to AT&T who will take forever to do it and find a way to make it use more battery on my phone and add more bloat at the same time before eventually pushing it out.

Support Our Troops !!!
<><
Beast Mode 4
 
You must log in or register to reply here.

Similar threads

DroidModderX
StageFright 2.0 Bug Leaves More Than 1 Billion Android Phones Vulnerable
Replies
0
Views
2K
DroidModderX
DroidModderX
DroidModderX
StageFright Detector App Lets You Know If Your Device Is Vulnerable
Replies
6
Views
3K
Ollie
Ollie
dgstorm
Adobe Flash for Android Has Critical Vulnerability
Replies
7
Views
3K
EvilDobe
EvilDobe
dgstorm
Stagefright Patch Pushing Out to Various Androids: Nexus 6, Nexus 5 & Several Sprint Galaxy Devices
Replies
2
Views
2K
Ollie
Ollie
dgstorm
New Android Vulnerability Compromises Any Handset Through Chrome
Replies
7
Views
3K
cr6
cr6
Back
Top