Ask / Submit
4

[security] Stagefright detector released, SFOS apparently affected [duplicate]

asked 2015-08-06 10:25:56 +0300

simosagi gravatar image

updated 2015-08-06 16:45:47 +0300

chemist gravatar image

The discussion in https://together.jolla.com/question/102740/security-is-alien-dalvik-affected-by-stagefright-vulnerability/ was closed with the conclusion that Alien Dalvik should not be affected.

However, after the presentation at BlackHat USA, a tool was released to check if a device is affected by this issue or not (https://play.google.com/store/apps/details?id=com.lookout.stagefrightdetector). I downloaded the apk and run it on my Jolla and the result is that it seems to be vulnerable:

image description

It could of course be that the tool doesn't work properly in an 'emulated' environment like Alien Dalvik, but now it's up to Jolla team to do a proper check.

BTW: my device is running current latest SFOS 1.1.7.25

edit retag flag offensive reopen delete

The question has been closed for the following reason "duplicate question" by rainisto
close date 2015-08-06 10:43:44.780441

Comments

3

You have already an offcial response "Initial analysis is that SFOS is not directly affected by this vulnerability as the MMS'es are not received and handled by the aliendalvik. "

tvicol ( 2015-08-06 10:32:07 +0300 )edit

@tvicol If I understand you correctly it's just not affected cause of a missing feature (automatic sms/mms handling) ? Hopefully devs will keep that in mind when adding the feature.

V10lator ( 2015-08-06 11:18:29 +0300 )edit
2

This tool is unreliable in virtual/emulated environments. Tool sending a real MMS and trying to use that message in "vulnerable" way would be better for testing Alien Dalvik (and that tool would most likely result as "not vulnerable")

However, good that you brought the result with this tool here, it might prevent later missunderstandings. I suggest copying the screenshot also to the original question, explaining why the tool isn't reliable on Jolla

simo ( 2015-08-06 12:50:25 +0300 )edit
2

@V10lator, looks like they are aready working on a patch: Comment by tigeli, "Sure.. and we are preparing a fix already for the aliendalvik." https://together.jolla.com/question/102740/security-is-alien-dalvik-affected-by-stagefright-vulnerability/?answer=102744#post-id-102744

mosen ( 2015-08-06 15:47:44 +0300 )edit

1 Answer

Sort by » oldest newest most voted
4

answered 2015-08-06 10:43:32 +0300

rainisto gravatar image

duplicate to https://together.jolla.com/question/102740/security-is-alien-dalvik-affected-by-stagefright-vulnerability/ so I'm closing it.

edit flag offensive delete publish link more

Question tools

Follow
1 follower

Stats

Asked: 2015-08-06 10:25:56 +0300

Seen: 632 times

Last updated: Aug 06 '15