The ‘Stagefright’ bug is a serious issue with almost 100 per cent of Android devices potentially vulnerable: Specially crafted malware hidden inside a multimedia message (MMS) can stealthily exploit this vulnerability; only the phone number of the target Android phone is needed. Alarmingly, no user interaction is needed at all. The result is that hackers can, with a single message, silently and completely take control of a smartphone. Hundreds of millions of Android devices from Samsung, Motorola, HTC, LG, Sony, and hundreds of other manufacturers are at risk.

Furthermore, another serious vulnerability ‘Certifi-gate’ is also affecting hundreds of millions of Android devices. Certifi-gate allows applications to gain illegitimate privileged access rights, typically reserved for remote support applications that are either preinstalled or personally installed on Android devices. Attackers can exploit Certifi-gate to gain unrestricted device access, allowing to steal personal data, track device locations, turn on microphones to record conversations, and much more.  The vulnerability can only be resolved after a new software build is pushed to the device as well as updating multiple components and mobile remote support tool plugins from a range of different vendors.

The OmniCrypt™ Mobile Encryptor 230 is fully immune against these and all other vulnerabilities: with regard to Stagefright, there are no phone numbers involved an attacker could target within the secure system of the OmniCrypt™ Mobile solution. Furthermore, technical measures within the Encryptors prevent receiving/processing MMS (or SMS) messages. Analysing Certifi-gate, it can be seen that the Encryptor 230 doesn’t allow any installation of 3rd party applications or activate pre-installed apps because they have been removed from the source code.

Keep Your Secrets Secret