What is Android stagefright exploit and how does it effect me? This is the question that everybody is asking so i will be trying to cover it in this post. First lets get an understanding of what StageFright is and can do to your device. StageFright is library or lib that has been around since Android 2.2 and is still being used in android 5.1.1 today. This is the reason that it is such a big exploit and called StageFright.
How does StageFright work?
The easiest way to hack into a device with StageFright is a video sent via MMS. which theoretically could be used as an avenue of attack through the libStageFright, which helps Android process video files. Many text messaging apps including Google’s Hangouts app automatically process that video so it’s ready for viewing as soon as you open the message, and so the attack theoretically could happen without you even knowing it. StageFright could also be exploited by installing a app that has the exploit in it or every by downloading a hacked video file that could run the exploit. If StageFright is implemented on your device the hacker can view and see everything that you do, bank accounts emails and more.
What can we do about it?
First you want to open your messaging app and go into settings and turn off AUTO RETRIEVE MMS. This will keep the a hack from happening automatically at least. You could still open a MMS and get it but that is still one more step that has to happen. Next don’t install apps from unknown sources, which really is always a good idea and last be careful on the Internet. Google will be working on a patch for this and pushing it out in ota updates soon. We all now how long ota updates can take so best to address this yourself.
ASLR (Address Space Layout Randomization) is a method that keeps an attacker from reliably finding the function he or she wants to try and exploit by random arrangement of memory address spaces of a process. ASLR has been enabled in the default Linux Kernel since June 2005, and was added to Android with Version 4.0 (Ice Cream Sandwich). So if your device is android 4.0 and above you are much better protected.
From what i have heard stagefright isnt a exploit that has been seen working in the wild just discovered by some researchers and not implemented in real world. Since it is already public I dont think that many hackers would spend the time working on it, if it is going to be patch soon anyway.
HERE you can find a StageFright detector app that is interesting but is going to tell you that you are vulnerable unless you have the latest cm12.1 installed which already has been patch for stagefright.