Android smartphone users are facing a tough time with the Stagefright bug, which has potentially put millions of people at immense risk. After it was learnt that the bug had slipped past the company's security patch, Google along with other smartphone manufacturers took to patching this vulnerability.
Since Google runs the show for all Android smartphones, a prominent fix from the web giant was essential. Google finally came up with a solution and rolled out the security update earlier this month. If you were assured that Google's security patch was impenetrable, think again.
A security researcher at Exodus Intelligence, Jordan Gruskovnjak, discovered that Google's Stagefright security patch was flawed. At the time of rollout, Google said the security update fixes the Stagefright bug and shields Android users from attackers. Considering that the Stagefright bug puts at risk any Android device running version 2.2 (Froyo) and above, the impact can cover up to 95% of all Android smartphones in the world, which amounts to nearly 950 million.
The soaring risks associated with the Stagefright bug make it "the mother of all Android vulnerabilities". The security loophole was discovered only a few months ago by a security firm called Zimperium, and a tool called Stagefright Detector App was also developed to detect the flaw on any smartphone.
According to Gruskovnjak, who claims Stagefright is still a threat to Android smartphones, the bug scanner failed to detect the flaw during the tests. Gruskovnjak's conclusions are based on testing performed on an updated Nexus 5 using an MP4 file.
"Along with the initial bug report, a set of patches to stagefright flaws were supplied and accepted by Google. One of these patches, addressing CVE-2015-3824 (aka Google Stagefright 'tx3g' MP4 Atom Integer Overflow) was quite simple, consisting of merely 4 lines of changed code," Exodus Intelligence said, Digit reports.
The Stagefright bug gets its name from the Stagefright media playback engine, which has been part of the Android platform since the Froyo rollout. The bug can be exploited by sending any device an MMS file laced with malicious code. According to Zimperium, the Stagefright bug is triggered on 50% of Android devices without any interaction with the malicious MMS file, but poses a high security risk when the file is played. This triggers the bug and opens the door for hackers to take control of the device and steal all sensitive details.
Interim Tips to Stay Safe from Stagefright Bug
MMS is the primary route by which Stagefright reaches an Android device. It is essential that users follow steps to disable auto-download for MMS in the SMS app and Hangouts, and for videos in apps like WhatsApp.
To stay clear of Stagefright risks, disable "Auto-retrieve MMS", which can be found inside the Messaging app's Settings. Perform the same action if you are using Google Hangouts or Handcent Next SMS. Users of third-party messaging apps such as WhatsApp must also disable auto-download for media: go to Settings > Chat Settings > Media Auto-download.
These steps will keep you safe from the Stagefright bug temporarily. Look out for Google's security updates to permanently fix the vulnerability.