SINGAPORE, Aug. 19, 2015 /PRNewswire/ -- Stagefright, a vulnerability that allow attackers to steal information from Android devices, was discovered just a couple of weeks ago. This flaw allows attackers to steal information from Android devices through remotely executed code via a maliciously crafted multimedia messaging services (MMS). It has been estimated that 950 million devices worldwide are vulnerable to Stagefright, dubbed one of the largest Android vulnerabilities to date.
In light of this, ESET®, a global pioneer in proactive protection for more than two decades, launched an app on Google Play to help Android users detect Stagefright on their devices. Consumers who wish to download the application can do so for FREE on Google Play here.
"Asia Pacific has one of the highest Android mobile users in the world, making the region a prime target for cyber hackers. Mobile users should always remember to follow cyber security best practices, such as avoiding clicking on messages or links from suspicious sources and updating their operating system software regularly," said Parvinder Walia, Sales Director at ESET Asia Pacific. "We hope that more consumers will download the app as a proactive measure to secure their devices."
ESET has summarized additional must-know information for consumers and businesses about Stagefright in the following FAQ:
1) Is Stagefright really the worst of all Android vulnerabilities?
It is difficult to label a vulnerability as being the worst because the basis for this attribution varies. Some considerations include, the number of devices affected, the ease with which devices are compromised and amount of exploits in the wild. However, with 950 million users of Android devices potentially affected and a failed attempt by Google to fix the issues, users should take Stagefright more seriously than other commonplace vulnerabilities.
2) How does this vulnerability work and why is it called Stagefright?
Amongst the thousands of lines in the source code of Android, there is a media library called Stagefright in charge of managing multimedia formats that allow users to playback videos and music on their Android devices. Attackers exploit Stagefright by crafting malicious MMS messages that are sent to victims. In these cases, the only information required for highly targeted attacks is the victim's phone number. In some instances, devices can be compromised, even when users do not play or watch the actual message content. Simply viewing the MMS can affect the device. With Google Hangouts, however, it is possible for devices to be compromised almost instantly even notifications are viewed.
3) Which versions of Android are vulnerable?
According to investigations, all versions of Android from Froyo (2.2) inclusive are vulnerable. This means that 95 per cent of Android devices, or about 950 million users worldwide, are susceptible to the exploit. In addition, versions prior to Jelly Bean are at higher risk, since they do not incorporate the appropriate mitigations.
4) How can users protect their devices?
ESET recommends users check with their vendors whether a patch for their Android device already exists and deactivate the short message service (SMS) auto retrieve function for Messenger and Hangout applications. Users should also take extra precautions and check whether their devices are vulnerable with the ESET Stagefright Detector App and stay alert for new information regarding this topic.
About ESET
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.
