PCA Forums

This is bad, and a lot of phones are vulnerable. Google Nexus phones already have the updated firmware pushed out to them.

Unfortunately, for most phones, Android updates require carriers to push out the updates and they are notoriously slow, and if your phone is more than a couple of years old they get abandoned.

All someone has to do is send you a text message with a maliciously crafted video file, and they completely own your phone. It's about as bad as it gets. Expect to be receiving a lot of unsolicited text messages soon.

This app tests to see if your phone is vulnerable, and if so gives instructions on how to disable Auto fetching of videos via MMS messages, which somewhat mitigates the problem, but is no permanent fix.

https://play.google.com/store/apps/deta ... htdetector

And shit like that is just one reason why I always buy a Nexus. They run faster and always get updated quickly. Pure Android is nice and I don't have all the bloatware that the carriers install.

In case the instructions in the app aren't clear (I've had people ask). The temporary fix just prevents MMS (multimedia attachments to text messages like photos and videos) from being automatically downloaded and shown as a thumbnail in a text message. The exploit only occurs when the malicious video or image is downloaded - and by default Android auto-downloads them.

HOWEVER, once this is disabled, it is entirely up to you to avoid clicking on the prompt to download the MMS attachment in a text message. If you click on it to download it, and it's malicious, you're screwed.

So, at the very least, you should not open any MMS attachment from a strange number. Trouble is, I can see this escalating and there being a malware created that infects someone's phone, and then sends a malicious MMS to everyone on their contact list.

So until this gets fixes, it really isn't safe to download ANY multimedia attachment in a text message. Not unless, maybe, your brother calls you up and tells you they're sending a picture to you right now.

This is unprecedented: http://www.techtimes.com/articles/74556/20150806/at-t-rolls-out-stagefright-fix-for-samsung-galaxy-s6-galaxy-note-4-and-galaxy-s5.htm

I didn't expect AT&T to get off their butts and do anything for several months. However, it only applies to the Galaxy S6, Galaxy S6 Edge, Galaxy S6 Active, Galaxy S5, Galaxy S5 Active and Galaxy Note 4.

I'm getting my update now (301.08 MB) but I had to manually check. You'd think they'd send a text message or simply push it.

I read that CyanogenMod has also been patched so one alternative would be to install it on an older phone that will most likely never receive an update. I've never messed with it so I can't offer any guidance.

This may be my excuse to switch to Cyanogen. I have a spare Moto-x that I use as an emergency phone in the RV. May put Cyanogen on it.

It's been also posing me off that Verizon hasn't yet released Android 5.x on the Moto-x and this would be one way to get it.

FlyingPenguin wrote:This may be my excuse to switch to Cyanogen. I have a spare Moto-x that I use as an emergency phone in the RV. May put Cyanogen on it.

It's been also posing me off that Verizon hasn't yet released Android 5.x on the Moto-x and this would be one way to get it.

From what little i know about Cyanogen, it's supposed to be one of the easier ROMs to install. I think all that's required is an unlocked bootloader. You'll want to write down all of your phone's network settings in case you have to manually enter them. I think you'll also need the apk for the Google store.

Losbot wrote:And shit like that is just one reason why I always buy a Nexus. They run faster and always get updated quickly. Pure Android is nice and I don't have all the bloatware that the carriers install.

Hey Los, do you happen to have the Nexus 6 now? My S4 is dieing on me and I'm looking for a replacement. I had the previous Nexus (made by ASUS), then switched to Samsung and now I want to go back.

psypher wrote:Hey Los, do you happen to have the Nexus 6 now? My S4 is dieing on me and I'm looking for a replacement. I had the previous Nexus (made by ASUS), then switched to Samsung and now I want to go back.

I've got the Nexus 5 made by LG. I'm holding out for either the NEW Nexus 5 or Nexus 6 when Google announce it in OCT (typically).

Love my Moto-X, and it's very nearly pure Android, but I'll probably go Nexus next time so I don't have to deal with firmware update delays due to Verizon's stupidity.

Just read that the Nexus 6 went with builtin battery just like Samsung S6, arg....That's one of the reasons (among many) that I got away from Apple. I hope they go back to replaceable batteries.

psypher wrote:Just read that the Nexus 6 went with builtin battery just like Samsung S6, arg....That's one of the reasons (among many) that I got away from Apple. I hope they go back to replaceable batteries.

The only phones I know of that have replaceable batteries are the LG G4,the Samsung S5 and the Samsung Note 4. By the way the S6 removes the micro-sd slot.

It really sucks that Android phones are starting to become more like iPhones. I hope I don't have to get a new phone for a few years since I just bought my S5. If I can't get a Android with expandable storage and removable battery, I'll get an iPhone.

They're actually not impossible to replace yourself if you're somewhat techie. I've done it. Lots of videos show you how.

It's how they can cram as much battery as possible into it and not worry about aesthetics.

Err wrote:This is unprecedented: http://www.techtimes.com/articles/74556/20150806/at-t-rolls-out-stagefright-fix-for-samsung-galaxy-s6-galaxy-note-4-and-galaxy-s5.htm

I didn't expect AT&T to get off their butts and do anything for several months. However, it only applies to the Galaxy S6, Galaxy S6 Edge, Galaxy S6 Active, Galaxy S5, Galaxy S5 Active and Galaxy Note 4.

I'm getting my update now (301.08 MB) but I had to manually check. You'd think they'd send a text message or simply push it.

I read that CyanogenMod has also been patched so one alternative would be to install it on an older phone that will most likely never receive an update. I've never messed with it so I can't offer any guidance.

Err, I have a fair new Galaxy Note edge (pretty much same as the Note 4 but with one curved edge), AT&T and just did their SW update on it.
I had earlier installed the Stagefright detector app and it said that my phone was vulnerable. After the update, it still says that. I haven't yet manually anything to stop the auto-run functions but does that App still say that your phone's vulnerable or not? Not sure if the phone's OK or that App is incorrect?

EvilHorace wrote:Err, I have a fair new Galaxy Note edge (pretty much same as the Note 4 but with one curved edge), AT&T and just did their SW update on it.
I had earlier installed the Stagefright detector app and it said that my phone was vulnerable. After the update, it still says that. I haven't yet manually anything to stop the auto-run functions but does that App still say that your phone's vulnerable or not? Not sure if the phone's OK or that App is incorrect?

I didn't run the app before the update but after it said my phone was not vulnerable. You may want to check for another update. That's very odd that it didn't fix it. Did your phone reboot after the update?

FlyingPenguin wrote:Love my Moto-X, and it's very nearly pure Android, but I'll probably go Nexus next time so I don't have to deal with firmware update delays due to Verizon's stupidity.

I hope your phone falls into this list: http://www.androidpolice.com/2015/08/08/motorola-details-plans-to-patch-the-stagefright-vulnerability-for-2013-phones-and-later/

Of course even if it does, the carriers need to push the updates.