| Individuals August 5, 2015


August 5, 2015

Stagefright Detector: Lookout’s app tells you if your Android device is vulnerable

By Lookout

Last week, the world learned about critical vulnerabilities in Stagefright, an open source media player used by 95 percent of Android devices, or roughly one billion devices worldwide. In addition to the sheer number of people that are likely at risk, this vulnerability is especially scary because if it can be delivered via MMS (which is automatically downloaded to the device by default), the code can remotely execute on your device without you actually doing anything. It would then have unfettered access to the camera, microphone, contacts, and photos – very personal stuff.
Now the real kicker. You will need to wait for a pending security update from your carrier, device manufacturer or Google to ultimately patch this vulnerability and be completely safe. To check if a patch is available for most Android devices, go to Settings and click System Updates.
That’s why we’ve developed Stagefright Detector. This app arms you with information by telling you whether or not your Android device is vulnerable to Stagefright. If you are affected, we provide the run-down on how to mitigate your risk of being attacked. You’ll also be able to check back in when you receive your security patch to confirm it contained the fix for Stagefright.
Stagefright
How Lookout’s Stagefright Detector works
Once downloaded, the app checks to see if you have a vulnerable version of the media player. The app will inform you if a) you’re not vulnerable or your device has already been patched, or b) you’re vulnerable and your device has not yet been patched.
What to do if your device is vulnerable
Within Stagefright Detector, Lookout provides detailed instructions on disabling the auto-fetching of MMS messages in your default messaging app. Depending on your phone, this app may be “Hangouts,” “Messages,” “Messaging,” or “Messenger.” By disabling this functionality, you prevent an attacker from getting the device to automatically download a malicious video containing Stagefright exploits.
You can also find these instructions in Lookout’s blog here.
While these instructions will make it harder for a device to be exploited via MMS, Lookout encourages Android users to exercise caution when viewing videos displayed on untrusted websites or included in messages from unknown senders. We’d be remiss to not also advise that you download a security app, like Lookout, that can protect you if the vulnerability is exploited to deliver malware to your device.
Disclaimer:
Stagefright Detector is not meant to fix this vulnerability, as the vulnerability will need to be patched by Google or your device manufacturer. Stagefright Detector is only meant to keep you informed about your level of risk. Stagefright Detector is a project of the Labs division of Lookout, Inc. The goal of Lookout Labs is to explore new ideas and push the boundaries of mobile apps. Labs projects are experimental by nature, and may only be available for a limited time.

Author

Lookout

Leave a comment

Submit


38 comments


Dana says:

May 17, 2016 at 12:01 am

I'd rather drop my phone than I'll have no more bills or new plans..those things are subject to change without you even knowing..then you could be stuck with the bill after..but thank God my dad paid that bill...soon to be chain..er....wireles!!! I guess so, I just wish I would have received a statement...but it's all good in the end, I had to look, but I found it after all. Pretty sad, but like I said...I didn't need it anyway....broke too many times. I come from a generation where if it's broke, you fix it...


suzette says:

April 24, 2016 at 11:42 pm

S galaxy tab pro 8.4 showing stage fright vulnerabilities. Tried downloading patches, but can't install. Can't find way to disable mms hangouts on tab settings. Please provide additional info/instructions, to help w/problem. Thnx in advance.


Meghan Kelly says:

April 25, 2016 at 11:49 am

Hi Suzette, sorry to hear that. Your carrier should be able to help you install the patch or point you toward the right patch, if one is available!


Nick@androidupdate says:

January 20, 2016 at 1:19 am

Stagefright" is the nickname given to a potential exploit that lives fairly deep inside the Android operating system itself. The gist is that a video sent via MMS (text message) could be theoretically used as an avenue of attack through the libStageFright mechanism (thus the "Stagefright" name), which helps Android process video files.


Kaynee Harris says:

November 18, 2015 at 1:36 pm

Thank you for lookout security I'm using it for my azpen tablet and my mobile phone. This is an amazing app You ladies\ gentleman are life savers. Thank you for taking the time out to care about our personal data and saftey....Love all of you :-)


DAYANAND says:

November 07, 2015 at 6:47 am

i purchased intex smartphone from lost 2 months,and i update 2 times in these 2 months,is can i free from stage fright? and i wants to know the stage fright collect which informations in android phones? is this collects my phone's gallary videos or photos? please inform me.


+ Load more comments