What Android users need to know about the “Stagefright” vulnerability

If you’re an Android user, you may be aware of the new Android vulnerability “Stagefright.” If not you’ll want to pay attention to this.

On Monday, a researcher from Zimperium zLabs discovered a series of high-severity vulnerabilities related to Android’s native media player, Stagefright.  The vulnerability exposes 95% of Android phones to an attack delivered by a simple multimedia text message.

How does it work?

The “Stagefright” vulnerability can carry serious security implications.  All an attacker needs to send out an exploit is a mobile phone number.

From there, attackers can send out an exploit packaged in a Stagefright multimedia message (MMS) that would enable them to remotely control and steal data from your mobile device.

Any number of applications can process MMS content, potentially exposing you to exploits. However, devices using Google Hangout pose the biggest risk as the victim might not even know they received a message before an attacker takes control of their device. Other attacks require a user to open their default SMS messaging app to view the message thread itself  before the exploit will work.

What can Android users do?

Unfortunately, manufacturers can be slow in releasing patches out to users. Until a patch becomes available, we recommend disabling “auto-fetching” of MMS messages on your device’s default SMS messaging app. This will make it harder for your device to be exploited by the vulnerability.

To disable “auto-fetching” of MMS on your Android device, follow the instructions outlined in this article, written by the mobile security company, “Lookout”. Have questions about the vulnerability? Give us a call at 1.800.379.7729.

About Ryan Barrett

Ryan is Intermedia's Vice President for Security and Privacy.