The Stagefright vulnerability has been one of the hottest topics of discussion in the security industry since it was announced. In order to provide a detailed insight into the vulnerability and ease of exploitation, zLabs VP of Platform Research and Exploitation, Joshua Drake (@jduck) prepared the video below that demonstrates the attack.
Zimperium launched ‘Zimperium Handset Alliance’ (ZHA) on August 1, 2015 to share mobile security threat information to accelerate the availability of threat mitigations and updates. Over 25 of the largest global carriers and device manufacturers are already part of the Alliance. The strong interest in Zimperium Handset Alliance from mobile ecosystem partners is a clear indication of the critical need to exchange relevant threat information and provideupdate mobile devices as quickly as possible to protect customers. Zimperium is proud to drive this change.
POC files are attached –
https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Crash-PoC.zip
Stagefright Patches are available here –
https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/ZHA-Stagefright-Patches.zip
Samsung released an app that allows users to disable MMS on their devices. We would like to thank the KNOX group for working closely with Zimperium Handset Alliance to solve this issue on older devices. The Samsung MMS control app can be downloaded from: https://s3.amazonaws.com/zhafiles/Zimperium-Handset-Alliance/Samsung_KNOX_and_ZHA_ap_MMSCtrl.apk
We are working with carriers and device vendors to design solutions to protect users that do not currently have Zimperium zIPS on their phones.
Today Zimperium launched the ‘Stagefright detector App’ for Android users to test if their device is vulnerable. The app is available for download on the Android store. Download link: https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector