2 Aug 2015 | Earlier this week we reported on the Stagefright vulnerability that could affect 95 percent of Android devices. It has arisen as a result of code vulnerabilities which could have been detected and resolved earlier.
Application security company Checkmarx has been looking more deeply into Stagefright and what it means for users and developers.
Stagefright can infect a device simply through the device downloading an MMS message -- which happens automatically in most cases. Once the device is infected, the hacker has full control over the phone's data. The scary thing is that the Android device just needs to receive an MMS message; the user doesn't have to open it for the device to be infected.
First of all, there's a temporary workaround to avoid infection. Open the Hangouts app, go to Settings from the hamburger menu, select SMS, choose Hangouts as your default SMS app and uncheck Auto-retrieve MMS. There's usually an option to turn off auto-retrieval of MMS in other messaging apps too, so check your settings.
Amit Ashbel of Checkmarx, writing on the company's blog, says, "It is clear by now that the Stagefright vulnerability was a result of one or more code vulnerabilities. It is also clear that these could have been detected at an earlier stage of the development and resolved at that stage. What is not yet clear is what the exact vulnerability is; however, that should become clear within the coming days after the full information about the CVEs reported is disclosed."
Checkmarx's CxSAST for Mobile delivers code security analysis for Android, iOS and Windows applications. This helps eliminate code vulnerabilities during the coding process rather than waiting for them to appear at a later stage.
Read the original article at BetaNews.