What You Need to Know About Stagefright

By on Apr 01, 2016

Any mention of stage fright transports us to our schooldays when we had to go up on stage to recite an oh-so-long poem, or act out a part in a play or sing a song. The jitters that came along! Oh yes, we all may have suffered from stage fright to some degree.

But when I talk about Stagefright in this blog, it refers to a new cyber threat – a malware that is potentially scarier. In July 2015, security experts discovered several vulnerabilities in the Android operating systems that cyber criminals were targeting with the intent to steal personal data stored on our smartphones. Experts named this group of malicious code “Stagefright,”which is a nickname for the media libraries found in operating systems of our Android smartphones. McAfee’s Mobile Threat Report for 2016 found that the count of Android-based devices detecting the Stagefright-based exploits has remained steady in Q4 2015.

So how dangerous is Stagefright and why should we be concerned? Well, it allows cybercriminals to remotely execute a code on a user’s phone by sending a specially designed MMS message. All that a cybercriminal requires is the target’s phone number to launch the attack. The attacker can then implant a remote access tool that gives them full access to your device.

This attack could happen while your phone is being charged. This means that the user has no hand in enabling the malicious code on his device, say through clicking on an infected link or downloading a malicious file.

There are even reports about the use of specially designed MP3 and MP4 files used to launch the Stagefright attack. This makes the situation even more pressing here as India has a booming smartphone market and a majority of the smartphone owners rely on the Android ecosystem.

While device manufacturers take note of such macro threats and share regular patches with customers, we must be vigilant every step of the way.

Stagefright

If you are an Android phone user, it is important for you to know the risks that could affect your device and how to protect yourself. So what can you do to keep your device secured and stay safe?

  • Update your device regularly: enable auto updates, for both the operating system and security tools. Yes, even if it means a 10-minute delay in starting your work because the Android tablet or smartphone needs to install updates and restart. While it may be inconvenient it is a small sacrifice to make for the safety of your personal information online
  • Secure all devices: All your devices (and not just the Android-based ones) with comprehensive security software from a reputable brand.
  • Turn off auto open feature: Because MMS-based messages and later, MP3 & MP4 files, were used to introduce the bug it’s wise to keep the auto-open MMS messages feature turned off. Similarly, disable auto-download or opening of files. This will allow you to personally verify authenticity of the source before you open a message or document
  • Err on the side of caution: It is better that you be suspicious and check files and messages before opening them than to be too trusting and fall prey to a cyberattack.

And always remember the cybersafety mantra I share frequently- STOP. THINK. CONNECT.

Don’t act in haste, make time to check and consider all options and consequences before you click on the ‘open’ tab.

Stay safe online!

About the Author

Cybermum India

Anindita Mishra is McAfee’s Cybermum in India. A Pune-based freelance writer, teacher and devoted mother of two- Anindita has always been a vocal advocate for issues tied to children's welfare and development. Like many Indian parents, Anindita wants to make sure that her children are safe wherever they go, in the real or virtual world. ...

Read more posts from Cybermum India

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs