What do you think about the current threat of "Stagefright" assuming that this security hole will never be patched by ASUS on the Padfone 1 - are we screwed?
I personally have a rooted Padfone and modified the values from "true" to "false" in the following entries of "build.prop" by using an editor:
This is just another media-hyped security issue. They are all over the place, and there are many more security issues with Android, especially when you root your phone.
If you want to be safe you shouldn't root it in the first place, because you're vulnerable to many more attacks, stagefright is "just one of them"...
Playing around with this issue a little, I've found out that renaming the file "libstagefright.so" located in the folder "/system/libs/" to something that cannot be accessed (for example "libstagefright.so.bak") seems to be safe, as when doing so, Zimperium's Stagefright Detector says "Congratulations! Your device is not affected by vulnerabilities in Stagefright"!
The only problem is that when restarting the "Padfone", you cannot leave the file renamed this way, as the "libstagefright.so" obviously is used in the booting process to play the boot animation, so if it is not found, the device will be hanging in a boot loop and you will need to rename it back manually with a custom recovery (I'm using TWRP v2.6.3.0 for this purpose). Users with other devices have experienced the same, see here: http://forum.xda-developers.com/showpost.php?p=62367845&postcount=63
SparkyRih, I'm using your firmware "PadFone_SR007-10.5.1.4_WW", and so my question is:
Is there a way for me to "modify" something in the system to "disable" the boot animation, so that "libstagefright.so" is not needed and thus prevent the boot loop?
If there is no way for me: May I ask you to "cook" a new ROM without a boot animation, please?
There are many more leaks in Android, this is just one that got public attention... If you really want to be safe you shouldn't run my rooted ROM or root your phone manually in the first place, it opens even more doors...
Have you tried to replace the file libstagefright.so with one which is "patched" instead of completely renaming it?
You have a little chance that it will work if it doesn't depend on another lib version.
For a "patched" version of libstagefright.so it would require a reliable source - do you have any suggestion (download link)?
Currently I'm using another solution: I've written a script which I placed in the "init.d" folder that is executed at boot time. It:
1) renames the file "libstagefright.so.bak" back to "libstagefright.so", thus preventing a boot loop
2) waits for the first "android service" starting (which is the case right after the boot process is completed) and then
3) immediately renames "libstagefright.so" back to the (hopefully) not executable "libstagefright.so.bak" to prevent any exploits
I've tested this method for a while and could not find any issue with doing that. Android is working fine, and this way each time the Zimperium Stagefright Detector says "Congratulations! Your device is not affected by vulnerabilities in Stagefright"!
I could post the init.d script here if anyone is interested.
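The three-step boot-time procedure described in the post above, as an added example that is not the poster's script: it polls the `sys.boot_completed` property instead of watching for the first Android service, and `LIB_DIR`, `BOOT_PROBE` and `POLL_SECS` are hypothetical names introduced here. If boot completion is never confirmed, it leaves the library in place rather than risk a boot loop.

```shell
#!/system/bin/sh
# Added illustration of the rename/restore cycle; not the poster's script.
# LIB_DIR is a placeholder: set it to the directory holding the library
# (the thread names "/system/libs/"). Empty means "define functions only".
LIB=libstagefright.so
LIB_DIR=${LIB_DIR:-}

# Step 1: put the library back so the boot animation can load it.
restore_lib() {
    if [ -f "$1/$LIB.bak" ] && [ ! -e "$1/$LIB" ]; then
        mv "$1/$LIB.bak" "$1/$LIB"
    fi
    [ -f "$1/$LIB" ]
}

# Step 2: wait until boot is done. Assumption: poll sys.boot_completed;
# BOOT_PROBE and POLL_SECS are hypothetical overrides used for testing.
wait_boot() {
    tries=${1:-120}
    while [ "$tries" -gt 0 ]; do
        [ "$(${BOOT_PROBE:-getprop sys.boot_completed})" = "1" ] && return 0
        sleep "${POLL_SECS:-1}"
        tries=$((tries - 1))
    done
    return 1
}

# Step 3: move the library aside again.
disable_lib() {
    if [ -f "$1/$LIB" ]; then
        mv "$1/$LIB" "$1/$LIB.bak"
    fi
    [ -f "$1/$LIB.bak" ] && [ ! -e "$1/$LIB" ]
}

# Full cycle: returns 2 if no library could be restored, 1 if boot was
# never confirmed (the library then stays in place so the device works).
run_cycle() {
    restore_lib "$1" || return 2
    wait_boot "${2:-120}" || return 1
    disable_lib "$1"
}

if [ -n "$LIB_DIR" ]; then
    mount -o remount,rw /system        # /system is normally read-only
    restore_lib "$LIB_DIR"
    # Background the wait so init.d processing is not blocked.
    ( run_cycle "$LIB_DIR"; mount -o remount,ro /system ) &
fi
```

Renaming a file does not unmap it from processes that loaded it during boot, so this only affects processes started after step 3.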