Stagefright exploit and how to protect yourself with AMS

[hermansky]

Earlier this week, security researchers unveiled a vulnerability that is believed to be the worst Android vulnerability yet discovered. The “Stagefright” bug exposes nearly 1 billion Android devices to malware.

Hackers can gain access to a device by exploiting the vulnerability and can then access contacts and other data, including photos and videos, and can access the device’s microphone and camera, and thus spy on you by recording sound and taking photos.

• All devices running Android versions Froyo 2.2 to Lollipop 5.1.1 are affected, which are used by approximately 95% of all Android devices.
• The malicious code is executed without the user even doing anything – the vulnerability does not require the victim to open the message or to click on a link.
• Despite the fact that we are very limited in possibilities how to prevent this attack, we are working very hard to find out universal solution.
• Now you can prevent this attack by following this step-by-step guide on our blog.

[polonus]

Google update does not protect and they keep enrolling this:
https://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/

Test here: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector

polonus

[REDACTED]

I am curious why Avast never contact me via email or through the Android app that this is a problem. Strangely enough, Lookout Security, an app I had uninstalled from my phone, did!!

Also, I am not finding any messages from Avast whether or not the Virus Scanner or any other part of the Avast app is providing any protection against Stagefright.

I consider Avast 100% remiss in this. And have to look at Lookout with a second consideration.

[hermansky]

Hi datamason and others,
actually we notified all users of AMS via notification leading to our blogpost where is step-by-step guide how to avoid this threat.

Now we work also on realtime Stagefright protection (it will be released hopefully during next few weeks). But regarding Stagefright detection.. It's still not 100% reliable (https://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/) and we don't want to put into product something that can somehow mislead user.

And sending e-mails about (not only) threats is pretty nice idea and definitely in near feature it will be implemented.

Thanks for your feedback!

Tomáš Heřmanský
(Product Manager of Mobile Security)

[polonus]

Now out in the open: https://blog.zimperium.com/the-latest-on-stagefright-cve-2015-1538-exploit-is-now-available-for-testing-purposes/

polonus

[REDACTED]

Already get hacked 

And it was very hard to join the french support within the urls shared in this post of the french avast community https://forum.avast.com/index.php?topic=169505.0

Earlier this week, security researchers unveiled a vulnerability that is believed to be the worst Android vulnerability yet discovered. The “Stagefright” bug exposes nearly 1 billion Android devices to malware.

Hackers can gain access to a device by exploiting the vulnerability and can then access contacts and other data, including photos and videos, and can access the device’s microphone and camera, and thus spy on you by recording sound and taking photos.

• All devices running Android versions Froyo 2.2 to Lollipop 5.1.1 are affected, which are used by approximately 95% of all Android devices.
• The malicious code is executed without the user even doing anything – the vulnerability does not require the victim to open the message or to click on a link.
• Despite the fact that we are very limited in possibilities how to prevent this attack, we are working very hard to find out universal solution.
• Now you can prevent this attack by following this step-by-step guide on our blog.