Project

General

Profile

Actions

Issue #1287

closed

Stagefright vulnerability

Added by My Self over 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
Start date:
03/30/2015
Due date:
% Done:

100%

Estimated time:
Resolution:
fixed
Device:
Grant:
Type of work:

Description

Within this ticket I'll check if Replicant is vulnerable to the Stagefright (http://source.android.com/devices/media.html) weaknesses.
More details: http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/
(And there already exists a Replicant forum thread about: http://redmine.replicant.us/boards/39/topics/10329)

As far as I understand that vulnerability:
  • the weaknesses is more or less exclusively present within the hardware accelerated audio-/video-decoding, so Replicant don't have to be affected (without using that proprietary accelerations), but I have to check that in detail.
  • If Replicant is affected, it doesn't seems to be enough to:
    • avoid Hangouts or disable: Settings -> SMS -> Auto Retrieve MMS -> [uncheck]
    • disable auto-MMS-reception of the standard SMS app or alternative SMS apps
    • remove MMS APN: Settings -> More... -> Mobile networks -> Access Point Names -> {choose your MMS provider APN} -> three-dot-menu -> Delete APN

because you would be still vulnerable (e. g. over manipulated email-pictures, or any other app, which uses the Stagefright media framework.

Solution/Patches
CM diffs (I'll preventive try to bring to Replicant ASAP):
http://review.cyanogenmod.org/#/c/103267/
http://review.cyanogenmod.org/#/c/103268/
http://review.cyanogenmod.org/#/c/103269/
http://review.cyanogenmod.org/#/c/103270/
http://review.cyanogenmod.org/#/c/103266/


Files

stagefright_patchset-redux.zip (12 KB) stagefright_patchset-redux.zip My Self, 08/26/2015 11:48 AM
Actions

Also available in: Atom PDF