Ask / Submit

[security] Stagefright detector released, SFOS apparently affected [duplicate]

asked 2015-08-06 10:25:56 +0300

simosagi gravatar image

updated 2015-08-06 16:45:47 +0300

chemist gravatar image

The discussion in was closed with the conclusion that Alien Dalvik should not be affected.

However, after the presentation at BlackHat USA, a tool was released to check if a device is affected by this issue or not ( I downloaded the apk and run it on my Jolla and the result is that it seems to be vulnerable:

image description

It could of course be that the tool doesn't work properly in an 'emulated' environment like Alien Dalvik, but now it's up to Jolla team to do a proper check.

BTW: my device is running current latest SFOS

edit retag flag offensive reopen delete

The question has been closed for the following reason "duplicate question" by rainisto
close date 2015-08-06 10:43:44.780441



You have already an offcial response "Initial analysis is that SFOS is not directly affected by this vulnerability as the MMS'es are not received and handled by the aliendalvik. "

tvicol ( 2015-08-06 10:32:07 +0300 )edit

@tvicol If I understand you correctly it's just not affected cause of a missing feature (automatic sms/mms handling) ? Hopefully devs will keep that in mind when adding the feature.

V10lator ( 2015-08-06 11:18:29 +0300 )edit

This tool is unreliable in virtual/emulated environments. Tool sending a real MMS and trying to use that message in "vulnerable" way would be better for testing Alien Dalvik (and that tool would most likely result as "not vulnerable")

However, good that you brought the result with this tool here, it might prevent later missunderstandings. I suggest copying the screenshot also to the original question, explaining why the tool isn't reliable on Jolla

simo ( 2015-08-06 12:50:25 +0300 )edit

@V10lator, looks like they are aready working on a patch: Comment by tigeli, "Sure.. and we are preparing a fix already for the aliendalvik."

mosen ( 2015-08-06 15:47:44 +0300 )edit

1 Answer

Sort by » oldest newest most voted

answered 2015-08-06 10:43:32 +0300

rainisto gravatar image

duplicate to so I'm closing it.

edit flag offensive delete publish link more

Question tools

1 follower


Asked: 2015-08-06 10:25:56 +0300

Seen: 632 times

Last updated: Aug 06 '15