Stagefright is the name of the media library that is responsible for playing media on the smartphone that is sent via MMS.
The dangerous thing about Stagefright is that it has been given an enormous amount of rights - and as zLabs has now published in its own blog , you can manipulate Stagefright via MMS and get full access to the victim's smartphone.
This gap is made even worse if MMS is opened via Google Hangouts, because Hangouts has the ability to process MMS automatically. In other words: pure reception is enough – Hangouts does the rest on its own. According to Joshua Drake, Vice President at Zimperium zLabs, intruders could send their MMS, take control of the smartphone directly and then delete the sent MMS themselves so that the actual owner does not even notice that they have been attacked and infiltrated.
Horror scenario?
According to zLabs, an estimated 950 million devices are affected by this vulnerability and the fatal thing about this security vulnerability is that the attacker does not have to wait for his victim to make an error, but simply sending a code is sufficient. In other words: simply knowing a telephone number can be the key to the system.
All systems since Android 2.2 are said to be affected by this vulnerability, with versions below 4.2 being particularly at risk.
zLabs admits differences - Google tones things down
However, different devices and newer Android versions are apparently not at such great risk because Stagefright no longer has such extensive access rights. As already mentioned, versions 4.2 and higher are already equipped with protection measures that make it more difficult to break into the system.
In contrast, Google does not rate the security situation as critical as zLabs does.
Solution?
According to zLabs, Google was informed about the vulnerability in May and Google also sent out patches to third-party manufacturers. However, it is not clear whether these were also installed and used. And this is where the problem lies: the slow update policy for Android devices is responsible for the fact that security gaps like these remain open for a long time on some devices, even though the gap has recently been closed.
Users are therefore dependent on their device manufacturer distributing the appropriate version.
Another, hardly satisfactory solution is to at least temporarily deactivate MMS reception. However, this would require an intervention in the APNs of the device, which we can only recommend to knowledgeable people. If you are logged in via Hangouts on your device, you may also want to log out here to avoid automated processing.
The following video shows a possible workaround for the recently discovered Stagefright vulnerability on Android.
By loading the video, you accept YouTube's privacy policy.
Learn more
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )