Stagefright 101: What you Need to Know about Stagefright Vulnerabilities

With the recent media attention surrounding Stagefright 2.0, users are increasingly concerned about their Android mobile devices. What is the reality and what do you need to know to protect your Android?

In August, Zimperium researchers discovered a vulnerability in the media players used by the Android operating system. This flaw was exploited by sharing a targeted MMS (multimedia message) to an Android device. Stagefright 2.0 exploits a similar vulnerability in the media player, but it can be exploited via a website. A link shared via email, messaging, or social media can exploit the vulnerable multimedia player. Currently, all un-patched devices running Android are vulnerable to Stagefright 2.0.

In response to Stagefright 1.0, Google and device manufacturers improved the security update process for the Android operating system. Google released updates to Nexus users on October 5th, and provided the patched version of Android to OEM partners on September 10th, enabling them to begin patching their versions of Android. Keep an eye out for news from your device manufacturer or service provider for updates to the Android operating system.

How can I protect my Android from Stagefright now?

The following is a list of best practices that will protect your phone from Stagefright 2.0:

  • Only click links shared with you by trusted family members, friends, and co-workers.
  • If you’re concerned about a link’s source, wait to view it on a computer or patched Android device.
  • Install and run security ‘check’ apps from trusted vendors, such as Stagefright Detector.

What about Stagefright 3.0 or the next mobile security vulnerability?

The past few months have shown us how vulnerable our mobile devices can be. With a few simple steps you can ensure you remain secure:

  • Run software updates when prompted by your device.
  • Keep your most important information; contacts, photos, email in a secure space like Samsung My KNOX.
  • Install secure communication applications, like KoolSpan’s TrustCall, which ensures you are communicating with people you trust. TrustCall provides end-to-end encrypted messaging and peer-to-peer authentication of users.