How to prevent Stagefright exploitation
Recently, Google announced that there's a new bug discovered and could manipulate your android phone. Almost 95% of android phone could be risk and vulnerable for a single text thru MMS. Hacker bind a code in this MMS and can exploit the victim even you did not download or opening it unlike in other malware. This attack severely include froyo 2.2 up to android 5.1 latest android version. Actually, Google has already patch for this to prevent it but they still contacting all the manufacturer of smartphone company. It also warned us that this is crucial and still unknown on how could this attack happen. How can you imagine this for only single text can manipulate your phone without knowing it. Perhaps can accesss your data, photos, and bank account that link in your phone.
According. to forbes.com, "The weaknesses reside in Stagefright, a media playback tool in Android. They are all “remote code execution” bugs, allowing malicious hackers to infiltrate devices and exfiltrate private data. All attackers would need to send out exploits would be mobile phone numbers, Drake noted. From there, they could send an exploit packaged in a Stagefright multimedia message (MMS), which would let them write code to the device and steal data from sections of the phone that can be reached with Stagefright’s permissions. That would allow for recording of audio and video, and snooping on photos stored in SD cards. Bluetooth would also be hackable via Stagefright".
Based on my observation this stagefright has a big rule in our android phone. It seen in system libs that can access our media files, as well as audio and videos. Honestly, I don't have an idea how can manipulate it via MMS nor what the extent of the attack and how dangerous is it. Although, stagefright which access our media we can prevent it. Simply, MMS is the route we need to disable it.
I have two method to disable it one is via mms settings just off your auto retrieve and other one simply change APN of network settings. We need to prepare until waiting for the updates of Google's android. Also don't give your number to suspicious persons. Remember the famous quote, "Prevention is better than Cure".
Method 1.
Go to MMS settings>Auto Retrieve>Off
Method 2.
Go to settings>more>Mobile Networks>Access Point Names> Change MMS proxy and port any name you want. To disable MMS.
No comments:
Post a Comment