Stagefright… The End?

stagefright_v2_breakdown-e1438001259526-1024x266.jpg

I’m hoping this will be my final post on the Stagefright Hack/Bug.

Update

Zimperium Inc. updated their Stagefright Detector App for Android. You should make sure to keep this app updated and occasionally check your device to see if any recent upgrades for your operating system might have fixed this problem.

If your device is patched then you can whichever messaging app you like best and you can re-enable the auto-retrieve setting for MMS messages.

New Mitigation Method… Much Better!

In previous posts I mentioned disabling the auto-retrieve setting for MMS messages. This is somewhat effective but overwhelmingly annoying, especially for users who receive a lot of group or picture messages. I’m tired of having to tap “Download” 20 times a day.

I have recently found two third-party SMS/MMS applications that either don’t use the Stagefright engine or are somehow protected from the Stagefright exploit.

If your phone hasn’t been upgraded to a proven SAFE version that has the patched Stagefright engine I strongly recommend installing and using either of these as your primary messaging app:

Textra SMS Android App (free but offers in-app purchases) / Textra SMS Website

QKSMS Quick Text Messenger Android App (free but offers in-app purchases) / QKSMS Google+ Community

I have tested and use both interchangeably. They are both decent and effective and I no longer have to click a stupid download button.

There might be other SMS/MMS solutions out there that protect you from the Stagefright problem, these are just a few suggestions that I know work. If you find any, let me know!

Stagefright Patch Status

I have created a spreadsheet (not intended to be exhaustive by any means) which shows the current status of some phones that are patched (or not): Stagefright Patch Status.

Another tab on this spreadsheet shows a comparison between Apple iOS and Google Android for Common Vulnerabilities And Exposures (CVEs): CVE: Apple iOS vs. Google Android.

The summary is that there are 10 times as many vulnerabilities in iOS and most of them were more severe than the Android exploits. Apple iOS had 537 CVEs from 2007 to 2015Google Android had 54 CVEs from 2009 to 2015.

Recently an (supposed) Android fan told the world he was finally saying goodbye to Android and switching to an iPhone, a hasty decision in my opinion. As the CVE comparison above shows, even though Apple might currently be the quickest to patch problems, they are still 10 times more likely to wind up with problems in the first place – and subsequently they are more vulnerable to attacks; most of which are also much more severe.

In closing, the Stagefright Bug really bothered me and it still does… but in my opinion there are no safer or better solutions than Android right now.