-2

Since the Stagefright exploit is very common on many devices I wanted to ask if there is any way to check if someone has used this exploit on a given device. Like check the processes for unknown entries, check the battery statistics for strange apps, check the data transfer for unknown apps or something similar.

What could an attacker get on a phone with this exploit or any other exploit? A backdoor? A rootkit? A keylogger? And is there a way to generally detect if something is running on the smartphone which shouldn't be there?

Thanathan
  • 782
  • 6
  • 16
  • 1
    "How to detect malware?" is a HUGE question. Malware authors spend their careers making software that can't be detected. I think the only real answer to your question is "buy a good anti-virus app". – Mike Ounsworth Aug 19 '15 at 14:47
  • 1
    Are there any good anti-virus apps? I heard most of them are more or less useless... – Thanathan Aug 19 '15 at 14:49
  • Here's a question about anti-virus apps on Android: https://security.stackexchange.com/questions/32285/how-do-anti-virus-apps-for-android-work. Note that software recommendation are off-topic here since there's a specific site for that: https://softwarerecs.stackexchange.com/ – Mike Ounsworth Aug 19 '15 at 14:52
  • @MikeOunsworth Strictly, any product recommendation question is off-topic for most SE sites because "they become obsolete quickly" (and some other reasons not really spelled out in the close-vote dialog). The SoftwareRecs site is a very recent development. – Iszi Aug 19 '15 at 18:31

1 Answers1

3

The Stagefright attack is simply a delivery method, an insertion vector, a way in. And only a partial delivery method, at that. By itself, it only allows someone to execute code within the sandbox of the MMS app or web app that's trying to play the malicious multimedia file. In order to actually do any damage they have to combine it with some other zero-day expoit to break out of the sandbox (for example: using a root privilege escalation exploit). Once they're in, they could literally plant any code they want on your phone.

Your question is a bit like asking

"Help, I left my garage door open, what might someone do once they're inside my house?"

what they do once they're in really has nothing to do with which door they came through.

Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
  • +1 but I heard Stagefright is not only executable via MMS or is it? Couldn't someone use the same exploit over a website? Okay maybe it's not completely depended on Stagefright, but still the main question/title asks how I could find out if something is running on a smartphone, which doesnt belong there. – Thanathan Aug 19 '15 at 14:37
  • Fair. I'll correct that. – Mike Ounsworth Aug 19 '15 at 14:42