0

Is it safe to check if device is subject to Stagefright bug, for example with: Stagefright Detector App forAndroid by Zimperium ? Is such (or similar test) sufficient?

Is there available any 3rd party external manual (e.g. in for of report with traces etc) or automated analysis of vulnerabilities (like Stagefright) detector software ? If no, what could speak for or again credibility of authors of such software, to use at leat that subjective measure of trust for judgement if no analysis available? (Please read comments below for clarificqtion)

Grzegorz Wierzowiecki
  • 657
  • 1
  • 6
  • 15
  • 4
    are you asking if you can trust the developers of the tests not to compromise your device? – schroeder Aug 12 '15 at 23:21
  • Exactly! Are there any 3rd party analysis of such software available/published? – Grzegorz Wierzowiecki Aug 12 '15 at 23:23
  • 3
    I'm afraid that we really don't do 3rd party code reviews here. We can't be liable for mistakes or if the developer changes the code once we render an opinion. Find a dev that is trustworthy and publishes their code for review. – schroeder Aug 12 '15 at 23:27
  • 1
    The point is that either people might be aware of some reports, or just able to assess credibility of Zimperium, as they published report about bug AFAIK , so maybe they are credible to use their app? I know those are very subjective risk assessments, but might be the only until some external analysis (manual or automated tools) become avilable. – Grzegorz Wierzowiecki Aug 12 '15 at 23:30

1 Answers1

3

Yes, Zimprerium was the group that discovered and reported the StageFright vulnerability (here's the original blog post).

Zimperium's Sr. Director of Platform Research and Exploitation, Joshua J. Drake (the discoverer and presenter of StageFright) is a famous Android security researcher, and a former researcher for metasploit.

While I applaud being cautious, if you can't trust their test tool then I'm not sure what you can trust.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207