Stagefright scan and removal tool
0xID Labs has created a utility to scan for and remove malformed media files that match criteria resembling a Stagefright exploit.
Update August 6, 2015: In light of the recent disclosure by Zimperium at Black Hat 2015, we’ve updated coverage for additional threat vulnerabilities.
This tool is released immediately for use by anyone. We continue to monitor the story as it develops and will update the utility if needed. The utility covers detection for the following Android vulnerabilities related to the Stagefright exploit:
- CVE-2015-1538
- CVE-2015-3824
Download the Stagefright scan and removal tool here:
http://www.0xid.com/download/0xidStagefrightResponseTool.apk
Stagefright Response Tool additional info
- If no exploit media is detected, displays this message: “This device was not attacked by exploits of StageFright vulnerabilities”
- The expected result for “Scan Media Files” is to display a list of malicious 3gp files and allow the found files to be deleted
- If no malicious 3gp files are found, displays “No malicious media files found on the device…”
Mitigation
Additionally, and at least until your device manufacturer provides a core update, there are steps you can take to minimize your risk of receiving and activating malformed media files that attempt to harness the Stagefright vulnerabilities to execute arbitrary code:
1. Update your device regularly – when a software update is made available, install it
2. Disable auto-downloading of MMS, including in Hangout and regular messaging apps
HANGOUT: Disable Auto Retrieve MMS
Open Hangout
Tap Options on the top left corner
Tap Settings -> SMS
In the Advanced section, uncheck Auto Retrieve MMS
MESSAGES: Disable Auto Retrieve MMS
Open Messages
Tap More -> Settings -> More Settings
Tap Multimedia Messages -> Turn OFF Auto Retrieve.
Avast Labs created some additional instructions to assist customers in helping to mitigate this collection of vulnerabilities, here.
0xID Labs