MobileRead Forums - View Single Post

tomsem · 07-30-2015, 12:43 AM

I called Mayday (my first call!), and asked them what they could tell me if Fire Phone was vulnerable to StageFright exploits, and unfortunately they did not know the answer. Apparently I am the first person to ask about it.

I talked to three different people as I worked through the support layers. The last person assured me that 'this is not Android' but, well, it kinda really is. Of course Fire Phone has a Messaging client presumably written by Amazon, and that might provide some prophylactic protection (in actuality, an infected video does not need to be delivered by messaging, but that is the worst-case scenario as user has no defense short of turning the phone off and keeping it off). The issue is with Android's media playback module, which I can imagine Amazon has simply adopted for Fire OS as otherwise they'd need to develop (and test) their own. So at this point, I assume there could still be a problem.

I encouraged them to look into it and perhaps let their customers know that it is not a Fire Phone problem, you know, just another reason to get a Fire Phone because of its superior security features as compared to Android. Or obviously, get a patch out ASAP if it is susceptible.

I forgot to remind them to update the Fire Phone updates page with some details about 4.6.3. I have not noticed any changes, so it is probably the usual 'bug fixes and performance enhancements'.

Needless to say, Fire tablets would have the same media playback module, though they don't have a messaging client to deliver an exploit in such a hacker friendly way.

07-30-2015, 12:43 AM	#8
tomsem Grand Sorcerer Posts: 6,955 Karma: 27060153 Join Date: Apr 2009 Location: USA Device: iPhone 15PM, Kindle Scribe, iPad mini 6, PocketBook InkPad Color 3	I called Mayday (my first call!), and asked them what they could tell me if Fire Phone was vulnerable to StageFright exploits, and unfortunately they did not know the answer. Apparently I am the first person to ask about it. I talked to three different people as I worked through the support layers. The last person assured me that 'this is not Android' but, well, it kinda really is. Of course Fire Phone has a Messaging client presumably written by Amazon, and that might provide some prophylactic protection (in actuality, an infected video does not need to be delivered by messaging, but that is the worst-case scenario as user has no defense short of turning the phone off and keeping it off). The issue is with Android's media playback module, which I can imagine Amazon has simply adopted for Fire OS as otherwise they'd need to develop (and test) their own. So at this point, I assume there could still be a problem. I encouraged them to look into it and perhaps let their customers know that it is not a Fire Phone problem, you know, just another reason to get a Fire Phone because of its superior security features as compared to Android. Or obviously, get a patch out ASAP if it is susceptible. I forgot to remind them to update the Fire Phone updates page with some details about 4.6.3. I have not noticed any changes, so it is probably the usual 'bug fixes and performance enhancements'. Needless to say, Fire tablets would have the same media playback module, though they don't have a messaging client to deliver an exploit in such a hacker friendly way. Last edited by tomsem; 07-30-2015 at 01:34 AM.