StageFright Detector App Lets You Know If Your Device Is Vulnerable

[DroidModderX]

If you are shaking in your boots over stagefright you probably shouldn't be. Google has said that the exploit has not been used much, and most modern phones have a protocol which would make it incredibly difficult to hack a phone in this way. If you are worried that your phone might be vulnerable you can know for sure thanks to a new app on the Google Play Store called the "StageFright Detector App". I know very original name. To use the app just click the "Begin Analysis" button. Once analysis has finished you will know whether or not your phone is vulnerable. If it is you can protect yourself by disabling your stock messaging app and using an app like Textra which has the stagefright patch built in. Head to the link below to grab the detector app.

via Play Store

 

[Ollie]

Even though I have been patched by Google (via Tmobile) this app still shows me as being vulnerable. That leads to the inevitable question of whom I should believe...Google or Zimperium.

 

[RETG]

Neither. Google doesn't want you to know if there software is vulnerable and Zimperium want to sell you some security software.

 

[mountainbikermark]

Even though I have been patched by Google (via Tmobile) this app still shows me as being vulnerable. That leads to the inevitable question of whom I should believe...Google or Zimperium.

View attachment 75301

Note4 with AT&T patch

Support Our Troops !!!
<><
Beast Mode 4

 

[Efin]

My Verizon S5, showing as up to date in my Verizon "update list", shows as Vulnerable as well, then wants me to send my info to their sales department... Sounds fishy to me.

 

[Ollie]

I don't think their app is reporting properly.

 

[Ollie]

Here are the explanations for the code that they are checking against:

1. CVE-2015-1538, P0006, Google Stagefright ‘stsc’ MP4 Atom Integer Overflow Remote Code Execution

2. CVE-2015-1538, P0004, Google Stagefright ‘ctts’ MP4 Atom Integer Overflow Remote Code Execution

3. CVE-2015-1538, P0004, Google Stagefright ‘stts’ MP4 Atom Integer Overflow Remote Code Execution

4. CVE-2015-1538, P0004, Google Stagefright ‘stss’ MP4 Atom Integer Overflow Remote Code Execution

5. CVE-2015-1539, P0007, Google Stagefright ‘esds’ MP4 Atom Integer Underflow Remote Code Execution

6. CVE-2015-3827, P0008, Google Stagefright ‘covr’ MP4 Atom Integer Underflow Remote Code Execution

7. CVE-2015-3826, P0009, Google Stagefright 3GPP Metadata Buffer Overread

8. CVE-2015-3828, P0010, Google Stagefright 3GPP Integer Underflow Remote Code Execution

9. CVE-2015-3824, P0011, Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution

10. CVE-2015-3829, P0012, Google Stagefright ‘covr’ MP4 Atom Integer Overflow Remote Code Execution