Author Topic: Stagefright exploit and how to protect yourself with AMS  (Read 13620 times)

0 Members and 1 Guest are viewing this topic.

Offline hermansky

  • Moderator
  • Full Member
  • *
  • Posts: 113
  • Product Manager - VPNs
Stagefright exploit and how to protect yourself with AMS
« on: July 30, 2015, 09:06:44 AM »
Earlier this week, security researchers unveiled a vulnerability that is believed to be the worst Android vulnerability yet discovered. The “Stagefright” bug exposes nearly 1 billion Android devices to malware.

Hackers can gain access to a device by exploiting the vulnerability and can then access contacts and other data, including photos and videos, and can access the device’s microphone and camera, and thus spy on you by recording sound and taking photos.

  • All devices running Android versions Froyo 2.2 to Lollipop 5.1.1 are affected, which are used by approximately 95% of all Android devices.
  • The malicious code is executed without the user even doing anything – the vulnerability does not require the victim to open the message or to click on a link.
  • Despite the fact that we are very limited in possibilities how to prevent this attack, we are working very hard to find out universal solution.
  • Now you can prevent this attack by following this step-by-step guide on our blog.
« Last Edit: July 30, 2015, 12:27:32 PM by hermansky »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
« Last Edit: August 14, 2015, 11:20:28 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: Stagefright exploit and how to protect yourself with AMS
« Reply #2 on: August 23, 2015, 05:04:28 AM »
I am curious why Avast never contact me via email or through the Android app that this is a problem. Strangely enough, Lookout Security, an app I had uninstalled from my phone, did!!

Also, I am not finding any messages from Avast whether or not the Virus Scanner or any other part of the Avast app is providing any protection against Stagefright.

I consider Avast 100% remiss in this. And have to look at Lookout with a second consideration.

Offline hermansky

  • Moderator
  • Full Member
  • *
  • Posts: 113
  • Product Manager - VPNs
Re: Stagefright exploit and how to protect yourself with AMS
« Reply #3 on: August 24, 2015, 12:56:52 PM »
Hi datamason and others,
actually we notified all users of AMS via notification leading to our blogpost where is step-by-step guide how to avoid this threat.

Now we work also on realtime Stagefright protection (it will be released hopefully during next few weeks). But regarding Stagefright detection.. It's still not 100% reliable (https://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/) and we don't want to put into product something that can somehow mislead user.

And sending e-mails about (not only) threats is pretty nice idea and definitely in near feature it will be implemented.

Thanks for your feedback!

Tomáš Heřmanský
(Product Manager of Mobile Security)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33667
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

REDACTED

  • Guest
Re: Stagefright exploit and how to protect yourself with AMS
« Reply #5 on: March 05, 2016, 07:23:32 PM »
Already get hacked  :(

And it was very hard to join the french support within the urls shared in this post of the french avast community https://forum.avast.com/index.php?topic=169505.0

Earlier this week, security researchers unveiled a vulnerability that is believed to be the worst Android vulnerability yet discovered. The “Stagefright” bug exposes nearly 1 billion Android devices to malware.

Hackers can gain access to a device by exploiting the vulnerability and can then access contacts and other data, including photos and videos, and can access the device’s microphone and camera, and thus spy on you by recording sound and taking photos.

  • All devices running Android versions Froyo 2.2 to Lollipop 5.1.1 are affected, which are used by approximately 95% of all Android devices.
  • The malicious code is executed without the user even doing anything – the vulnerability does not require the victim to open the message or to click on a link.
  • Despite the fact that we are very limited in possibilities how to prevent this attack, we are working very hard to find out universal solution.
  • Now you can prevent this attack by following this step-by-step guide on our blog.
« Last Edit: March 05, 2016, 07:44:06 PM by antoinebougre »