StageFright Detector App Lets You Know If Your Device Is Vulnerable

Discussion in 'Android News' started by DroidModderX, Aug 7, 2015.

  1. DroidModderX

    DroidModderX Super Moderator
    Staff Member Premium Member

    Joined:
    Oct 6, 2011
    Messages:
    5,626
    Likes Received:
    2,102
    Trophy Points:
    478
    Ratings:
    +2,221
    [​IMG]

    If you are shaking in your boots over stagefright you probably shouldn't be. Google has said that the exploit has not been used much, and most modern phones have a protocol which would make it incredibly difficult to hack a phone in this way. If you are worried that your phone might be vulnerable you can know for sure thanks to a new app on the Google Play Store called the "StageFright Detector App". I know very original name. To use the app just click the "Begin Analysis" button. Once analysis has finished you will know whether or not your phone is vulnerable. If it is you can protect yourself by disabling your stock messaging app and using an app like Textra which has the stagefright patch built in. Head to the link below to grab the detector app.

    via Play Store
     
  2. Ollie

    Ollie Droid Does

    Joined:
    Apr 13, 2012
    Messages:
    3,442
    Likes Received:
    2,103
    Trophy Points:
    1,468
    Location:
    South Coast
    Ratings:
    +2,483
    Current Phone Model:
    Note Edge - iPhone 6 Plus
    Even though I have been patched by Google (via Tmobile) this app still shows me as being vulnerable. That leads to the inevitable question of whom I should believe...Google or Zimperium.

    Screenshot_2015-08-07-23-26-45.png
     
    • Like Like x 1
  3. RETG

    RETG Active Member

    Joined:
    Jul 8, 2010
    Messages:
    613
    Likes Received:
    80
    Trophy Points:
    28
    Location:
    West of the Rockies, East of the Pacific
    Ratings:
    +95
    Neither. Google doesn't want you to know if there software is vulnerable and Zimperium want to sell you some security software. :D
     
    • Agree Agree x 1
    • Funny Funny x 1
  4. mountainbikermark

    mountainbikermark Super Moderator
    Staff Member Premium Member

    Joined:
    Sep 5, 2010
    Messages:
    7,455
    Likes Received:
    3,886
    Trophy Points:
    1,563
    Ratings:
    +4,348
    Note4 with AT&T patch
    [​IMG]

    Support Our Troops !!!
    <><
    Beast Mode 4
     
    • Like Like x 1
  5. Efin

    Efin Diamond Member

    Joined:
    Apr 19, 2014
    Messages:
    5,714
    Likes Received:
    3,415
    Trophy Points:
    1,563
    Ratings:
    +3,652
    My Verizon S5, showing as up to date in my Verizon "update list", shows as Vulnerable as well, then wants me to send my info to their sales department... Sounds fishy to me.
     
    • Agree Agree x 1
  6. Ollie

    Ollie Droid Does

    Joined:
    Apr 13, 2012
    Messages:
    3,442
    Likes Received:
    2,103
    Trophy Points:
    1,468
    Location:
    South Coast
    Ratings:
    +2,483
    Current Phone Model:
    Note Edge - iPhone 6 Plus
    I don't think their app is reporting properly.
     
  7. Ollie

    Ollie Droid Does

    Joined:
    Apr 13, 2012
    Messages:
    3,442
    Likes Received:
    2,103
    Trophy Points:
    1,468
    Location:
    South Coast
    Ratings:
    +2,483
    Current Phone Model:
    Note Edge - iPhone 6 Plus
    Here are the explanations for the code that they are checking against:

    1. CVE-2015-1538, P0006, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution

    2. CVE-2015-1538, P0004, Google Stagefright ‘ctts’ MP4 Atom Integer Overflow Remote Code Execution

    3. CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution

    4. CVE-2015-1538, P0004, Google Stagefright ‘stss’ MP4 Atom Integer Overflow Remote Code Execution

    5. CVE-2015-1539, P0007, Google Stagefright ‘esds’ MP4 Atom Integer Underflow Remote Code Execution

    6. CVE-2015-3827, P0008, Google Stagefright ‘covr’ MP4 Atom Integer Underflow Remote Code Execution

    7. CVE-2015-3826, P0009, Google Stagefright 3GPP Metadata Buffer Overread

    8. CVE-2015-3828, P0010, Google Stagefright 3GPP Integer Underflow Remote Code Execution

    9. CVE-2015-3824, P0011, Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution

    10. CVE-2015-3829, P0012, Google Stagefright ‘covr’ MP4 Atom Integer Overflow Remote Code Execution
     
Search tags for this page

stagefright mp4 forum