A vulnerability in Android’s Stagefright media playback engine was publicly revealed late last month, potentially affecting nearly a billion Android devices. It enables an attacker to take control of the victim’s phone by sending a specially crafted MMS.
Now, Zimperium — the security research firm that discovered the vulnerability — has created an Android app that lets you check if your device is vulnerable to the Stagefright bug.
Called the Stagefright Detector App, the app will scan your phone and tell you whether it’s vulnerable or if you need to update your mobile OS. It’s available on Google Play for free. Zimperium told Engadget that the app also “anonymously” collects data and fingerprints the vulnerable device, in order to help create future patches.
Devices become vulnerable if users open a malicious message, but in some scenarios — for example, if the user has the MMS “auto-fetching” option enabled in Hangouts and other messaging apps — the victim’s device might get infected without any user interaction.
Google fixed the vulnerability on its own Nexus devices, but many manufacturers — including Samsung and LG — have not yet issued a patch for vulnerable devices. Some manufacturers promised a fix in the near future — China’s Alcatel, for example, told Mashable a fix for its Alcatel Idol 3 would be available around Aug. 10.
If your phone is vulnerable, the best course of action is to avoid opening any MMS attachments, especially from users you don’t know, until the manufacturer issues a patch. It’s also best to disable the “Auto Retrieve MMS” option in Hangouts and other messaging apps, as explained by Zimperium.