StageFright Bug Affecting Android Devices

A vulnerability has been discovered in the Android operating system that allows an attacker to access data stored on your device or remotely install software by just having your mobile phone number. This vulnerability is being referred to as “StageFright”. All Android based phones after and including versions 2.2 are vulnerable.

An attacker can use your mobile number to remotely execute code using a media file delivered via text message such as a picture or video message. You are especially vulnerable if you have your device configured to auto-download media in your messaging apps.

You can take the following actions in this regard:

  1. To turn off auto-downloading of MMS messages..

OPEN SMS app – tap MENU > SETTINGS > Multimedia messages > Auto retrieve, REMOVE check mark. You will now be prompted to download an image when receiving an MMS message.

  1. To block messaging from unknown contacts…

OPEN SMS app – tap MENU > SETTINGS > SPAM FILTER, Turn ON > Select “Block unknown senders”

It is also recommended that you contact your device manufacturer and cellular data provider to identify if and when a patch may be available for your individual device and operating system.

For further information please see:

http://www.cbc.ca/news/business/stagefright-bug-makes-nearly-1-billion-android phones-vulnerable-zimperium-says-1.3171108