Android phones and devices have been proven highly vulnerable to an attack that could cause permanent damage to the user’s data as well his phone. It exploits a small glitch in the Android system installed on all android devices which allow the attacker to gain access to the user’s device. The vulnerability is called Stagefright.
What is Stagefright?
Stagefright is a component in android devices that caters to multimedia operations handling. Most android device developers grant stagefright system permissions, which is just one step short of root access. It is simple to understand that why such a vulnerability is a serious issue for a service provider that has millions of users all over the world. If an attacker can exploit Stagefright, then the user’s phone is solely at the attacker’s mercy.
How it works?
Stagefright is typically exploited via MMS or multimedia messages. Almost 95% android devices auto-download incoming multimedia messages in the user’s inbox. As soon as the user opens this message, his or her device is infected with the virus. While MMS is the simplest way to infect a device, there are other ways as well.
Since stagefright is a multimedia handling component in android devices, even web pages that have multimedia that look to exploit stagefright can be easy-to-use entry points into the user’s device. Just by visiting a web page that has that particular multimedia file can lead to the user’s device falling prey to the stagefright attack. It is a wonder that this vulnerability has not yet spread like a worm infection.
How to Avoid Stagefright Vulnerability in Android
There are no hard core and extremely efficient ways to protect against stagefright vulnerability. The simplest method for android stagefright exploit protection is to disable your device’s auto-downloading media feature. This ensures that multimedia received on your device is not downloaded automatically by the device.
As long as you do not download the multimedia-looking to exploit the stagefright vulnerability, your device is secure. Even when you receive an MMS from a trusted source, it is better not to open it before confirming with the sender as his device might have fallen victim to the stagefright vulnerability and the attacker could have sent the multimedia message to all the victim’s contacts. The threat of the multimedia accessing your device from a web page, however, still persists. This takes us back to the question of how to avoid stagefight vulnerability in android.
The developers could provide a security patch that could prevent users from this vulnerability, but that has not been the case so far. Unfortunately, Android play store does not provide any antivirus software that has system permissions, so all android antiviruses are useless against stagefright vulnerability.
Coming forward with an app to take care of it would mean that Google would have to revamp many aspects of the Play store. Although they have done so when security threats have been identified in the past, doing so for Stagefright has not been deemed feasible yet.
Although the more recent high-end phones that support android are due to receive a security patch to help users avoid stagefright vulnerability, the older devices that use older versions of android are left hanging in the middle.