What is Reddit's opinion of
Stagefright Detector?
From 3.5 billion Reddit comments
Popularity Score: 43
This app was mentioned in 44 comments, with an average of 3.61 upvotes
Best Comments
Can't say for sure. Check with a program like Stagefright Detector to see if you're patched or not. Chances are if you haven't gotten an update at all within the past few months, you're not patched.
If you've got a phone from the last year, you'll likely get a patch. If it's older than that, you may not unless you put a custom ROM on your phone like CyanogenMod.
Jos puhelimesi on saanut ohjelmistopäivityksen viimeisen ~5 kuukauden aikana, tämä ei todennäköisesti koske sinua.
Tällä voi testata.
Can you install the Stagefright Detector app (if you haven't already) and post a screenshot of the results? https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en It has been recently updated to highlight that even the most recent 5.1.1 builds have a vulnerability (the previous known vulnerabilities have been fixed). I'm interested to see whether all the known ones are fixed in this preview.
It's a bug which affects around 95% of android devices. More info here: https://en.wikipedia.org/wiki/Stagefright_(bug)
To check if your tablet is affected, download https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en to check if your device is vulnerable.
You really are paranoid. There are several reasons why I don't think they would be using a stagefright exploit.
Perk sucks at coding. Their apps crash constantly and their servers take a crap every week. I'm not sure they have the technical know-how to create the exploit.
Google Play runs scans on apps in their store. So if a Perk app was using a Stagefright exploit, Google likely would have found it and booted out their apps.
Why would they do it? They already a ton of permissions about your phone. They can read your identity, contacts, media storage, wifi networks, etc. There isn't much more to get.
Their app code shows no indication of a stagefright exploit. (I haven't personally checked, but I have friends who have, and would have mentioned it).
If you're really worried about it, do the following:
Check for phone updates. It's possible your phone has a Stagefright patch.
See if you are vulnerable by using the Stagefright Detector.
Install a CyanogenMod ROM. It has the stagefright patch.
this app will tell you if you're vulnerable https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en
my note 4 is still vulnerable to one of the exploits you can protect yourself by turning off auto-fetch mms in some cases
to check for vulnerability. It does sound like it's mostly just a potential thoroughfare that no one is really using (yet). So even if your device is vulnerable it doesn't mean that someone is trying to get access to you.
The Moto X 2013 is 2.5 years old. I haven't seen an update to Lollipop since sometime last year. Zimperium's tool reports that my phone is still vulnerable to CVE-2015-6602, one of the Stagefright bugs.
I wouldn't buy the 2014 now unless you're willing to be running an unpatched, vulnerable version of Android soon.
I don't know if it's been completely fixed yet. There are many vulnerabilities caused by Stagefright. Some may have been fixed, but not others. You might try running this tester. I don't recall if it's been updated to detect the most recent vulnerabilities though.
It's probably either an accident/wrong number or like a spam email. As /u/Pockets6794 noted, a video received from an unknown number is exactly how the stagefright bug is exploited. Grab the Zimperium Stagefright Detector and run a check to see if you're vulnerable. You're obviously smart enough to not play videos from an unknown source, but it never hurts to check your vulnerability - just to be safe. As for the messages, delete them and block the number.
EDIT: apparently you don't need to click the malware video to have it invade your system (yay!).
I don't know. As I said I'm not a security expert so I have no idea how these exploits work. I could imagine they only work if the file's being downloaded, but the file's being downloaded into some temporary storage too when streaming.
>Sometimes when you watch a video on a site, it prompts you to watch it in the default video app. Would doing that be enough to have the malicious code execute?
If the video app has a vulnerability, I think yes.
Please note that I mentioned the stagefright 2.0 as an example. It's 2 years old now and should be patched on any device.
You can try this app if you want to be safe.
Yes. https://en.wikipedia.org/wiki/Stagefright_(bug)
You can check if you're still vulnerable using this app: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
The app is made by the company who discovered the bug. If you have the latest Android, you're not vulnerable anymore. But a lot of manufacturers never update their old devices, that's why this exploit is so problematic.
> How would you know if you are patched or not?
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en
> it will just keep pretending to update your phoen over and over again
That might be the case. It's hard to know for sure because people on XDA report that they've applied updates sucessfully and their software version didn't change. I know at least some LG G4 variants are fully stagefright patched. I'm still vulnerable.
It still isn't clear. Yes, it appears that a certain type of text message can crash your Android device (also no, it's not just phones). Though it's less clear that the vulnerability can be used to execute code complex enough to actually "take over" Android.
Since there is no way to patch every device using Android the people that exposed this (Zimperium) are not showing "how to" of the actual exploit.
It would seem that people who are rooted on a vulnerable device are at the most risk. For others, I'm kinda with you that the Android OS is not that easy to compromise because it should refuse to install anything not in the play store.
So, because of the situation we pretty much have to guess how bad it really is. Having said that, the people who found the vuln have said that it does enable arbitrary code execution. However, they do have a vested interest in making this sound as bad as possible as it draws more attention to them. If you want to check your vulnerability on any android device you can use this:
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en
If you're vulnerable then you should complain to your carrier and the device maker.
There is an app on the Play Store that will show you how vulnerable your phone is
Currently I am vulnerable to 2/6 attack vectors, when I used to be vulnerable to 3/6
I was rooted/unlocked/not encrypted so I downloaded the Factory Image and extracted it to the point where I could see the flash-all scripts.
I removed the -w in the last line so it wouldn't wipe my data.
fastboot -w update image-hammerhead-lmy48i.zip
Executed adb reboot bootloader command and just ran the newly modified script and it did all the work.
~~It updated and I decided to try out Zimperium's Stagefright Detector App.~~
~~And it still says Vulnerable. Is the app broken or is the security update missing something?~~
~~Here's the build number shot: http://i.imgur.com/sZEntSZ.png~~
Zimperium's detection app was updated regarding CVE-2015-3826 and my Nexus 5 reports as not vulnerable.
Whoever installs it first, can you verify if it fixes stagefright? https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en
According to Stagefright Detector, it's still vulnerable to CVE-2015-1538.
I updated my Nexus 5 to LMY48I and ran Zimperium's Stagefright Detector App.
And it still says Vulnerable. Is the app broken or is the security update missing something?
Here's the build number shot: http://i.imgur.com/sZEntSZ.png
::Edit:: After playing around with the Zimperium apk CVE-2015-3826 is the one that is failing on my device.
::Edit #2:: They updated their app and it reports the device is not vulnerable.
For SF 1.0 by the company that discovered it. https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector . They will update soon for 2.0
You can use this do check if it's the Stagefight fix OTA:
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Edit: Wording
Here's the app that checks if you have vulnerability https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Its an OTA for the stagefright vulnerability. http://www.droid-life.com/2015/08/10/download-nexus-4-5-6-7-9-10-ota-stagefright-patches/
Edit: App to test if you're vulnerable: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
My result after the OTA: http://imgur.com/svgYXJ4
Use this: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Should tell you. Hope this helps you.
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Maybe give that a try.
Install and run this app. If it says you're not vulnerable, it's safe. If it says you're vulnerable, it's risky.
I used an app called Stagefright Detector.
I'm using this one: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Stagefright detector is supposed to tell you if your phone is vulnerable to one of the many stagefright attack vectors: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Are all the stagefright vulnerabilities fixed?
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Use this to check for stagefright vulnerabilities
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
How do you check for the vulnerability?
EDIT// Nevermind, I found an app to check it.
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
For those that have flashed LMY48I, could you check to see if your device is still vulnerable using this app?
Zimperium has updated the app, 'fixing inaccurate detection of CVE-2015-3826'. https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Have you checked if you're vulnerable already?
Te dí downvote, no porque haya que instalar un antivirus, sinó porque la seguridad no es tan simple como "no ser gil".
> No. Para que te entre un virus en celular tenes que habilitar las opciones de desarrollador, descargar un .apk, ejecutar el apk, ignorar el pop up que dice "eh flaco, mira que esto no viene del store oficial", instalar, comerte un virus por gil.
Salvo que lo tengas rooteado y tengas Stagefright como millones de dispositivos:
https://en.wikipedia.org/wiki/Stagefright_(bug)
Acá esta la app para ver si sos vulnerable:
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector&hl=en
Calling FUD.
How does this "video file" get on the target phone? Why doesn't the article have any useful avoidance info other than "buy a new phone"? How about a link to that scary-looking detection app, at least?
EDIT: Here's the app, by the way.
See if your device is vulnerable: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
Edit: Who downvotes helpful posts? This tool is from the security researchers who discovered the vulnerabilities....