A Bad Case of Stagefright: Vulnerability Resurfaces in Apple Devices

Posted July 21, 2016 by Joseph Tavano

Imagine this scenario:

You woke early from a great night of sleep, well rested. The sun is shining outside. It’s Saturday, and you have no plans whatsoever, for the first time in a long time. The day is yours to make it whatever adventure you choose it to be. The world isn’t perfect, but right now life is good.

You take your phone off the charger, and notice that you have no messages. Odd! You typically have a few, if only from social media. Further investigation reveals your contact list is gone. Emails, texts, messages, and photos too. Apps, data—everything has been wiped from your phone! While you were sleeping, the attacker gained access to all of your sensitive data through your phone, locked you out of your email and banking accounts, and gained access to your business’ secure network. And to make matters worse, you don’t know how it happened.

Scary, right? The nearly one billion Android devices in the market were put at risk for this hack known as Stagefright when it was unleashed and exposed last year. And now, Mac and iPhone users are said to be at risk too.


What Is This Stagefright Megabug?

Stagefright is a vulnerability named after the media library that helps unpack multimedia messages (MMS). Although it was originally exposed last year in the open-source Android operating system, the exploit (which has been around for a while, going all the way back to Android version 2.2) now affects both the iOS and OS X operating systems. To make matters worse, users do not even need to open a message for the device to be exploited—it only needs to be received. A hacker can compromise a device, delete the message and be in control before anyone even knows it happened. According to Infosecurity Magazine, Stagefright is an image rendering bug, endangering email clients and messaging apps that auto-render and auto-display images. And you thought you only had to worry about people clicking links and opening attachments!

When discovered by Joshua Drake, vice president of research and exploitation at Zimperium Mobile Security, the collection of Stagefright exploits (there are technically seven CVEs) had been dubbed “the worst Android vulnerabilities discovered to date.” The bug caused alarm, and it was estimated that it could affect 95% of the approximately 950 million Android devices. And now, the bug has been exposed on Macs and iPhones.

Is It Time to Panic?

Before tossing that new iPhone 6s out the window, take a deep breath. Apple has already released updates (iOS 9.3.3 and OS X 10.11.6), so make sure to update as soon as you can to protect yourself from these vulnerabilities. As for Android users, Zimperium promptly reported the vulnerability to Google after Drake discovered the bug last year, and supplied patches to resolve the issue. Google applied these patches to internal code branches within 48 hours, and quickly rolled out a fix for pure-Android phones. Other popular smartphone makers such as Samsung, HTC, and LG also quickly rolled out patches for the bug.

What Can Be Done?

Patch, patch, patch! Your Mac and iPhone will be at risk if you do not install the latest update. It’s becoming clear that phone numbers, like all other pieces of information tied to identity, are becoming important to safeguard. In light of the Stagefright vulnerabilities, configure your messaging app not to accept messages from unknown sources and not to auto-download MMS messages. Furthermore, if your phone is used for enterprise or business purposes, be sure it is equipped with an effective mobile device management (MDM) solution to safeguard your device and your network, and to deploy patches internally. In light of vulnerabilities such as Stagefright, mobile device management is now a must-have offering for MSPs who are serious about embracing an integrated and complete device-security strategy that will keep SMBs protected.
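
As an added example (not from the original post), here is a short Python check an MSP could run over a device inventory export to find Apple devices still below the patched releases named above. The inventory rows, column names and status labels are constructed assumptions; Android devices are marked for review because the post gives no patched Android version.

```python
# Added example: flag devices below the patched releases named in the article.
# The inventory rows and column layout are constructed for illustration.
import csv
import io

# Minimum patched releases stated in the article.
MIN_PATCHED = {"ios": (9, 3, 3), "os x": (10, 11, 6)}

SAMPLE_INVENTORY = """device,platform,os_version
ceo-iphone,iOS,9.3.2
sales-ipad,iOS,9.3.3
design-mac,OS X,10.11.5
dev-mac,OS X,10.11.6
lab-iphone,iOS,10.0
field-phone,Android,5.1.1
kiosk-mac,OS X,unknown
"""

def parse_version(text, width=3):
    """Turn '9.3' into (9, 3, 0); return None if any part is not a number."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    nums += [0] * (width - len(nums))  # pad so 9.3 compares as 9.3.0
    return tuple(nums)

def classify(platform, os_version):
    """Return 'patched', 'unpatched', or 'review' for one device."""
    minimum = MIN_PATCHED.get(platform.strip().lower())
    version = parse_version(os_version)
    if minimum is None or version is None:
        # No baseline in the article (e.g. Android) or an unreadable version.
        return "review"
    return "patched" if version >= minimum else "unpatched"

def audit(inventory_csv):
    """Map each device name to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["device"]: classify(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:12} {status}")
```

Devices reported as `review` need a manual check against the vendor's own patch status rather than being assumed safe.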


Joseph Tavano is Senior Content Marketing Manager at Continuum, with more than 14 years of experience in content creation, content marketing, event marketing, marketing communications, demand generation and editorial across a range of industries. He is the author of several eBooks, blog posts, thought-leadership articles and other marketing and product collateral that enable Continuum partners and IT service providers in the channel to make their businesses stronger and grow their profits. In 2016, he launched the Continuum Podcast Network, which publishes multiple shows every week and reaches tens of thousands of IT professionals every year. A native of Boston, he holds bachelors in English and History from Suffolk University and resides in Salem, Massachusetts.
