How to Avoid the Stagefright Vulnerability in Android
Android phones occupy the biggest share of cell phones in the market. At around 80%, Android devices are the most widely used phones worldwide. However, Android is susceptible to an appalling vulnerability that could cause serious damage to a user’s data as well as his device.
There is a minor but albeit dangerous glitch in the Android system installed on all Android devices, which grants attackers and hackers an easy passage into a user’s device. This small yet utterly dangerous vulnerability is called Stagefright.
What is Stagefright?
Stagefright is a component in Android devices which is used in multimedia handling. The component is granted system permissions in most Android running devices, which is only one level below root access. This fact alone is enough to open peoples’ eyes about the dangerous threat of Stagefright on Android devices.
All it requires is a little exploitation on the attacker’s behalf, and the user’s Android device is left hanging in the balance. The most astounding fact about the reality of Stagefright’s seriousness is the simplicity and effortlessness of the method to exploit it.
How does a Stagefright Attack Works?
Stagefright component of Android devices is generally exploited via MMS or multimedia messages. 95% of Android devices download incoming multimedia messages automatically in the user’s inbox without prompting him or her for the download. Upon downloading of the multimedia, all it takes for the attack to take effect is that the user opens the message. It is that simple to exploit the vulnerability.
What’s more is that there are other, equally simple, ways to go about triggering Stagefright attacks in Android devices. The fact that Stagefright is a multimedia handling component makes even web pages, that have multimedia looking to exploit Stagefright, viable entry points into the user’s device. If the user simply visits the web page that has that particular multimedia file, it’s game over.
How to Avoid Stagefright Vulnerability in Android
Although it is really simple to trigger a Stagefright attack, there are no fool-proof strategies to guard your device against it. Nevertheless, there are a couple of methods which can help you with defending yourself to a certain degree. They are:
- Disable the auto-download multimedia option in your device to ensure that multimedia messages containing Stagefright isn’t downloaded to your device automatically. It is also smart to check the receipt of all multimedia messages. You never know if a friend’s phone has been compromised by Stagefright.
- Developers could come up with a security patch to tackle this problem. Although this seems a straightforward and long-term solution, it is hardly so. Google Play Store does not host or allow anti-virus applications to run with system permissions. Coming up with an app or security patch that could help prevent Stagefright would mean revamping the policies and structure of the Google Play Store. Although this has been done on some occasions for necessary security patches, it just might prove to be too much work. There are reports, however, that high-end devices can expect a security patch release for Stagefright soon.
Conclusion: What can you do?
Stagefright is a really dangerous threat to all Android devices. The first thing you need to do is to be aware of the threat. The two ways discussed above can help you in preventing your device from Stagefright to a certain extent. There are applications which can test whether your device is at risk of Stagefright. You can simply run the tests and then decide whether to go for the methods discussed above.
Image from Shutterstock.