Android and iOS are as vulnerable to security exploits as just about any other piece of code out there, irrespective of the numerous safety measures taken by companies.
While Apple is able to roll out updates to its iOS devices at once to quickly patch any exploit, the situation is completely different in the Android ecosystem. Once a security exploit is discovered in Google’s mobile OS and made public, the company quickly rolls out security patches within a few weeks for its Nexus devices. Then, in the following weeks and months, other OEMs like Samsung, HTC and LG follow it up with OTA updates for some of their most popular devices out there.
This still leaves millions of other Android device owners vulnerable to a major security exploit that can allow any rogue app to steal their private information or harm their phone in anyway.
What is ‘Stagefright’?
One such exploit which was recently discovered in Android is called ‘Stagefright.’ The exploit was first discovered by a company called Imperium in July, which further revealed more information about the exploit at the BlackHat conference held in early August.
The ‘Stagefright’ exploit allows hackers to gain system or media permission access on your Android device by including their nasty code inside a video sent as an MMS. The code is able to achieve this by using a loophole in Android’s ‘libStageFright’ system process. To make matters worse, certain messaging apps, including Google’s own Hangouts, automatically process videos found inside an MMS, which basically means that a hacker can steal personal information from your smartphone without you even knowing it.
Thanks to the Address Space Layout Randomisation (ASLR) technology built into Android though, more than 90 percent of the Android devices out there should be protected against this vulnerability. However, this does not mean that the ‘Stagefright’ vulnerability does not pose a serious risk. It still does, which is why Google and OEMs like Samsung and LG have announced that they will be rolling out monthly security updates for their devices to fix any exploits.
How to know if your device is affected
As complex as ‘Stagefright’ and all the above sounds, it is actually quite easy to figure out whether your Android device is affected by this vulnerability or not. Simply download the Stagefright detector app from the Google Play Store, open it and tap the ‘Begin analysis’ button. Once the app has analysed your Android device, it will automatically display whether it is affected by the vulnerability or not.
If your Android device is not affected by this vulnerability, kudos to your OEM for already incorporating a fix in their firmware. If it is, read below.
What to do if your Android device is affected by ‘Stagefright’ vulnerability
Do nothing, really. You just need to wait for your device OEM to roll out a firmware update for your device incorporating the fix. Since the vulnerability exists at a very low level of the OS, no application or an update to Google Play Services will help fix it.
While the security exploit is no doubt serious, there are zero known instances of any hacker using it for their own benefit. Additionally, Android comes with multiple layers of security, including ASLR, so even if someone tries to use this vulnerability for their benefit, the chances of them succeeding are very less.
As a pre-caution though, you can disable auto-retrieval of MMS messages on your Android device for the time being.