Vulnerability in Android media engine Stagefright


Current media reports talk of a vulnerability that should be taken seriously and that allegedly affects 95% of all Android mobile devices. For this reason the problem has huge implications; nevertheless, it is important to react to this information with a level head. G DATA is providing tips to defuse the situation – although only the device manufacturers can solve the problem.

What is the issue?

What makes these vulnerabilities so bad?

Why is the user "almost" defenceless? What can he do?

Closing the vulnerabilities in the operating system's source code is a job for the device manufacturers. They need to carry out repairs here and provide updates for the devices concerned. One particular problem is that the holes do not only need to be closed in the Android operating system. Many providers of mobile devices have carried out specific adaptations and now need to update their operating versions. 

There are two mitigating steps that offer some protection against the MMS attacks described: 

  • Automatic loading of MMS content needs to be disabled on the device.
  • Users need to block the receipt of text messages from unknown senders wherever possible.

Even so, the options of other attack vectors remain unaffected by this, so users can only hope for a fast response from the device manufacturers. 

Who is affected by the problems?

How long has this vulnerability been known about?

What does this mean for the future?

Can anything positive be drawn from this event?