This is an emergency post for every Android user. The topic is "Stagefright" . The importance of this post was so much that I had to divert from my regular "Smartphone Prologue"
( all the images shown here have their source
from Google Images )
Now what is this Stagefright ?
No its not about the nervousness a speaker experiences during a speech! In technical terms it refers to a list of serious bugs in the Android OS (v 2.2 and up) recently uncovered that can trigger any device to permanently freeze by receiving only a text message from a hacker!!!
Technically this set of bugs got its name from the native media playback engine of the same name that the Android media library possesses which is loaded with the default software codecs during its manufacture.
It was recently that cyber security giant Zimperium zLabs researcher Joshua Drake found out this major bug in the Android program codecs which is part of the AOSP (Android Open Source Project). This is the biggest Android bug till date !!
According to current statistics over 950 million users all over the world are at a grave risk of a dangerous hack!
What does Stagefright do??
The Stagefright engine in the media library is responsible for unpacking of the media files like photos, videos and audios. It is also responsible for retrieving the MMS files.
Now what the hacker basically needs is just your phone number! Yes that's it! Next he sends you an MMS file which contains the malicious code wrapped up in a media file ( possibly a Matroska file i.e. .mkv). Once you receive that message its curtains for your phone. The hacker now has full access of your phone! He/she can access all your personal data, photos, videos and most importantly your call list. He/she may perform dials to numbers and earn you a bad reputation. A video recording may also be started without your knowledge.
A grave possibility is that file may cause the library to suffer from an integer overflow while unpacking the media file leading to a crash of the OS permanently!
Moreover you need not open that MMS file to get infected! Once your phone receives the message it automatically falls prey to the trap. Even the hackers are equipped to delete that file from your phone so that you do not even notice that your phone is sabotaged!
Yes sounds frightening ! I know ! So now what to do?
We should be thankful to Joshua to say the least. He decided to inform Google about his patches that can fix these bugs. And yes, he even sold them to Google whereas he could have sold it to bad hands for a heavy ransom!
Google though has already released its patches ! But there is a big problem here. Apart from its own Nexus Devices, Cyanogen Mod, Mozilla, Silent circle's Blackphone every other device is still at risk! Why????? This is because Google Android relies on its partners i.e.. the phone makers (like Samsung, Motorola, HTC, LG, Sony etc) for the software update of its released patches . This is because every device uses its own tweaked version of Android! And as far as the phone makers are concerned they are yet to release a patch for the fix.
So in the meantime there are two big ways of staying safe.....................
- Open your default messaging app in your phone and click on the Settings option. Then click on the MMS settings. You will find an option called " Auto Retrieve MMS messages". Uncheck that box. Do the same for Google Hangouts also. In this way you protect the malicious file from automatically infecting the system. Although if you open the message the code will start its work. Hence I advise you to instantly delete any MMS you receive on your phone. Do not open any such file. If you have to share media files with friends use Whatsapp for example.
- Mobile antivirus softwares like Trend Micro and Zimperium's zIPS already boast of their updated technologies to detect the Stagefright bugs and nullify them.
So lets just hope that we receive a fix soon! I would insist you readers do share this information with anyone and everyone to make people cautious of this situation. Please recommend this post on Google+ or share it in Facebook or other social media so that this message reaches to every corner of the smartphone population.
