This week, a security researcher revealed a series of high-severity vulnerabilities related to a native Android media player called Stagefright that appears to affect all versions of Android from 2.2 (Froyo) to at least Android 5.1.1_r5 (Lollipop).  Which means about 95% of Android phones in the world are susceptible.

These vulnerabilities have serious security implications, as an attacker could exploit them to remotely control and steal data from a device by sending a victim a multimedia message (MMS) – videos, photos, audio, text – packaged with an exploit.  To make matters worse, a user can be exploited without doing a single thing.  That’s because, in order to reduce video viewing lag time, Stagefright automatically processes the video before you even decide to watch it.  Once inside, an attacker can access your phone’s data, photos, camera, and microphone. It can even execute code. And if they steal your contact list, they’ve just acquired a whole new set of potential victims.

A researcher at a mobile security company developed provided patches, which Google applied within two days. But the problem still isn’t solved, because Google’s Android system relies on its partnering phone-makers to push out software upgrades. That means Samsung, HTC, LG, Lenovo, Motorola, Sony, and others, are responsible for delivering the patches to customers.

“In today’s world we all rely on technology,” said Heath Gieson, Vice President of Technical services at SLPowers. “Unfortunately the common knowledge of users has not caught up to the mass of knowledge held by nefarious actors.

“This means that in order to properly protect themselves, users need to stay of aware of issues like this. Ultimately the way to protect against this is a simple setting change that prevents the phone from downloading multi-media text messages automatically. Once this setting is changed, the user can now decide if they want to open a multi-media text message on per sender basis.”

If you are an Android user, changing your setting for MMS auto-retrieval should be at the top of your priority list.  Open your default messaging app, go to its settings and find the option for auto-retrieving multimedia messages.

Now uncheck that box.

This allows you to have control over whether or not to download any media (photos, videos, etc.) that come with multimedia messages sent to you. You will be prompted to accept or reject MMS messages, but it’s a small price to pay to protect your device from becoming a hacker’s newest plaything.

Categories: Data Security, Hackers

Tags: Data Security, Hackers, information security