After stagefright patch, is there anything to scan with that tells you if code is still there?

monsieurms

On T-Mobile last night for the Note 4, finally got my patch! Downloaded and applied perfectly. I ran Lookout's Stagefright detector and it said I was no longer vulnerable.

Great. Of course, the months when it was unpatched... could be a problem! Does anyone know if there is anything that will scan for remnants of the malicious code? Even if, after patching, it cannot execute any longer, if it is still there, that might give me some idea that it was too late and I'd already been infected.

Of course, don't know what to do about THAT even if so! But... baby steps.
 
Actually, the way the Stagefright bug worked was with a text message containing a video with the malicious code embedded in it. Android itself didn't contain the Stagefright bug, so as long as you didn't receive a text message from an unknown number containing the video with the malicious code, your phone should be safe after the patch has been installed on it.

Once you have installed the patch you're good to go.
 
Here's what I do recall: I periodically get spam texts. Not long after this hit the news, I had a spam text. Trying to block it, I opened it because I couldn't block it just from the list of messages. EVEN THOUGH I had disabled "auto retrieve mms," it then told me that it was "converting the message to MMS." I didn't download or click further other than block the sender. I don't recall any video being listed.

I have no idea whether this sequence left me vulnerable or was meaningless. What I'd like to see is a scanner that finds some trace evidence of a past infection.
 
Have you tried using the Stagefright tool that they made, that was actually in an article on AC, I believe last week?

Here's the link:

https://forums.androidcentral.com/e....zimperium.stagefrightdetector&token=EFDhsaTD

See if this one helps.

Thanks. I have a similar app from Lookout. As I understand Lookout's app and this one, they both will tell you if your system is vulnerable, but that's all. For instance, before last night's patch, Lookout told me my system was vulnerable. Now, it says I'm not. What it doesn't say is whether there is any remnant malicious code (even if it can no longer execute) that would prove that the patch was too late and I was in fact hacked before the hole was closed by the patch.

I'm not sure that remnant malicious code would in fact be cause for alarm. I still don't know whether it had time to ever send anything, take anything, etc. I'm also not sure what to do if it did! But... I'd like to know.

P.S. Just for fun, btw, I also downloaded that Zimperium app linked. According to Lookout, there is no risk any more. According to Zimperium, the system is still vulnerable.

I've never heard of Zimperium before--although I note the app does advise to contact them.

I do tend to trust Lookout.
 
Both Avast and AVG have free antivirus apps for Android. Not sure if they would for certain detect any malicious code that had previously been installed/executed via the Stagefright vulnerability or not, but you could always give them a try. I have not personally used them for Android, but I tend to trust both Avast and AVG. No real harm in testing one of them.
 
Got the patch and all seemed fine. Lookout's Stagefright Detector said all was well.
Yesterday, Lookout UPDATED its Stagefright detector. Now, "device is still vulnerable."

Is TMO preparing a new patch? I have no idea what's going on here.

NB: Lookout tech support advised that that message "converting to mms" doesn't indicate a download if the MMS is disabled.
 
Actually I read an article just a few days ago that the Stagefright bug wasn't fixed with that patch that carriers released a few days ago. Apparently it's not as easy to fix the problem. So hopefully since Samsung promised to release security updates on a monthly basis they fix it soon.
 