New bug has sneaked into 95 per cent of Android smartphones via MMS
It has been found within MMS capabilities on Android phones running OS 2.2 and later
A new, extremely dangerous flaw dubbed Stagefright, has been discovered within the Multimedia Text Message (MMS) capabilities on Android phones running OS 2.2 and later. This appears to affect about 95 per cent of android phones.
What does Stagefright do?
If you have Auto Download capabilities enabled on your text messaging application on your Android phone, an attacker can send an MMS, which can be a photo, video or other piece of media to the device containing malicious code, allowing the exploit to be executed without the users’ knowledge.
Stagefright can then bypass the permissions on the phone, allowing the attacker to access other parts of the phone such as SD cards, cameras and anything containing personal data. All an attacker needs is a phone number, and once the text is sent, the vulnerability is then silently executed without any knowledge on the users’ part.
What can you do to be protected?
- Visit your cell phone manufacturers’ website for details on whether a patch for this vulnerability is available.
- You can also disable Auto Retrieve MMS based on which application is being used for text messages, such as Google hangouts or Google Messenger (which is the default messenger for Android phones). If you are using Google Messenger as your text messaging app, you can turn off Auto Retrieve by going into the settings of the app, advanced, and turn off Auto Retrieve. To ensure this is off, make sure the blue button is grey.
- If you are using Google Hangout as your text messaging client, go to settings, advanced, SMS and uncheck Auto Retrieve SMS.
It is important to keep in mind, this is only a partial, temporary solution. Even with auto-retrieve MMS turned off, it is possible for a user to accidentally download a malicious message. Therefore, it is extremely important for a user to make sure their phone manufacturer has plans to patch this vulnerability by checking their website. For users on older phones where the manufacturer is no longer providing updates, users should consider upgrading to a newer device.
While Norton Security does not protect against this particular vulnerability from being exploited, it does offer protection for a variety of other threats.
Norton Mobile Security’s App Advisor provides proactive protection from malicious apps before you download them. App Advisor scans apps in the Google Play Store looking for features that can invade privacy; display annoying/intrusive behaviors such as pop up ads or excessive battery usage, and unnecessary data usage. It will also detect if an app contains malware or is malicious in nature. Norton Mobile Security is available from the Google Play Store.