A new Android vulnerability, Stagefright, has just been disclosed, potentially affecting 95% of all Android devices. That is a massive number of Android devices: 950 million devices worldwide! Most concerning is that all a hacker needs to know to exploit Stagefright is the victim’s phone number. Even more alarming, under certain conditions, the victim need not do anything (no accepting, clicking, downloading, installing, etc.) for the exploit to take place.
Stagefright is the name of the media library in the Android operating system that processes several different media formats. This library is written in C++ and is prone to memory corruption. Security researchers at Zimperium found several remote code execution vulnerabilities in this library, the worst of which requires no user intervention.
Among the possible attack vectors, attackers can exploit these vulnerabilities by crafting a special MMS message and sending it to the victim’s device. This vulnerability impacts all Android devices running version 2.2 or higher of the operating system. The following CVEs were assigned to the Stagefright Android vulnerability:
Skycure’s Recommended Remediation
It is important to understand that this is a device-level vulnerability, and a vendor-issued update is critical to the fix. Please update your devices to the latest version as soon as the update is available. Some MMS applications auto-load attachments without giving the user a chance to delete them. Disabling auto-load will partially mitigate this vulnerability. An extreme way to mitigate the threat would be to completely turn off MMS messaging. However, that might not be an ideal solution for those adversely impacted by lost productivity.
The Enterprise edition of the Skycure Mobile Threat Defense solution offers a multi-layered solution to mitigate the Stagefright vulnerability:
- Blocking of MMS on Vulnerable Devices: Skycure allows enterprises to manage all mobile vulnerabilities including Stagefright. Our solution can identify the devices at risk, and block MMS on vulnerable devices leveraging integration with an EMM solution such as AirWatch and MobileIron.
- Enterprise Alerting: While not all the technical details of the vulnerability have been exposed, an early test by our researchers shows that the Enterprise edition of the Skycure Mobile Threat Defense app will alert both the user and enterprise IT professionals of malicious MMS messages that exploit the Stagefright vulnerability.
- Malware Detection and Mitigation: Should an attacker put malware on an Android device via the Stagefright vulnerability (via MMS or other means), Skycure’s Malware Detection Engine will kick in as an additional layer of protection. In case of privilege escalation and device rooting, Skycure’s OS Vulnerability Analysis will also detect modifications to the underlying OS (as a result of it being rooted).
To disable auto loading of MMS attachments using Android’s Messaging app, follow the steps shown below:
If you’re using Google Hangouts as your SMS/MMS client:
Download a free version of the Skycure app from the Apple and Google Play app stores to detect a plethora of mobile cyber attacks, including physical, network, malware and vulnerability exploits. If you need help with assessing whether your organization is at risk because of the Stagefright vulnerability or any other mobile vulnerability, threat or attack, you can request a free trial here.