Android has a major chink in its armor called the Stagefright Android Hack.
In this hack, an innocuous-looking video-embedded message that you receive on your Android device becomes the threat. Sent by an attacker, this MMS message can be used to gain access to your device and personal data. But there is a catch. You don’t even have to open the message and view the video to fall prey to it.
Also, it is not necessary that the MMS is laced with malicious code. It will appear and behave like a normal message but with a difference. Using the MMS, the attacker can access the apps on your device, view all your personal data and even use Bluetooth. With this newfound power to access and control data remotely, the attacker can erase all the data on your device stealthily.
In some cases, the attacker may also quickly delete the evidence of the sent MMS by remotely wiping it off your device.
All this happens without your knowledge. You will get a notification of course, but by the time you find out that an MMS was sent to your device from an unknown source, it will have been wiped clean from your device.
What is the root cause of this hack? The answer lies in Android OS itself. Messaging apps in the Android OS, such as Hangouts, have the capability to automatically process video. This loophole makes your Android device a repository for malicious code through the hack.
According to a security firm, all Android devices with the exception of Android version 2.2, are vulnerable to this threat. Since Android dominates the smartphone market with a share of 82.8%, it can be estimated that as many as 950 million devices are at risk, leaving developers and users more concerned than ever.
So, how can you prepare for the hack? Let us take a look at some of the ways in which you can beef up the security of your Android device to prevent it from being hacked.
Wait for patches released by Google
Google is working out a number of patches for Android devices in order to close this security loophole. The tech-giant recently issued a Nexus security bulletin in August, which contains details on multiple CVEs (Common Vulnerabilities and Exposures).
It includes information like:
- When the partners received notification
- The build of Android that featured the fixes
- Other mitigating factors
However, how quickly your device gets a patch depends on the manufacturers and carriers. Users have to wait for the system updates to get the fixes. Companies such as HTC and Motorola have already joined the bandwagon and are patching up the devices for their end-users.
Also, Google announced that there is a monthly security update on the cards for Nexus and that it has fixes ready for a number of popular devices, which include:
- Android One
- LG Electronics G2, G3, G4
- Sony Xperia Z2, Xperia Z3, Xperia Z4, Xperia Z3 Compact
- Samsung Galaxy S6, S6 Edge, S5, S4, S3, Note 4, Note 4 Edge
- HTC One M7, One M8, One M9
But what if you own a device that doesn’t get a patch at all? Looking at Android’s device fragmentation, it is unlikely that all the devices will get patches at the same time.
In that case, you can rely on certain apps to add an additional layer of security to your device. Stagefright Detector is one such app, which you can use to protect your mobile device from this potential threat.
Install Stagefright Detector app
This app was created by Zimperium, the security company which reported the hack. Named the Stagefright Detector app, it can help you determine whether or not your device is at risk from the Stagefright hack. The app basically scans your mobile and tells you about its vulnerability. It also suggests that you update the OS to a newer version, if that is required.
Another interesting feature brought forth by the app is that it anonymously collects data and fingerprints the vulnerable devices. This information is helpful in creating future patches and mitigating the risk for millions of Android devices. Available on the Google Play Store for free, you can definitely give this app a try to up the security ante of your device.
Disable ‘Auto-Fetching’ of MMS in Messaging apps
The crux of the Stagefright hack is MMS, which are read by the device automatically. By disabling the ‘auto-fetching of MMS’ feature in the Messaging apps on your device, you can protect it from the hack to an extent.
Take a look at some quick steps, which will help you manually disable the auto-fetching of MMS feature in Hangouts and Messages.
How to disable MMS auto-fetching in Hangouts?
Open Hangouts, tap Options>Settings>SMS. Check whether you have SMS enabled for Hangouts. If it is enabled, then go to Advanced Settings>Auto Retrieve MMS and uncheck the box next to it. This will disable Hangouts from auto-fetching MMS on your device.
How to disable auto-fetching of MMS in Messages app?
Open Messages>More>Settings>More Settings>Multimedia Messages.
Turn off the Auto Retrieve option present under Multimedia Messages and auto-fetching will be disabled.
Google also mentioned recently that it has updated Hangouts and Messenger to stop these apps from automatically processing video messages in the background. But if you haven’t updated your device recently, you can always carry out the steps manually.
Calling it a day
These are some of the preventive measures that you can take in order to avoid the Stagefright hack. To be on the safer side of things, avoid opening any MMS or message that comes from an unknown source. Also, make it a point to keep the settings in the messaging apps as they are, till you get the patch for the device.
About Ann Lewis: Ann Lewis is a content marketer at MoveoApps, an iPad Apps Development Company. She is a true believer in making the digital world accessible to all and covers latest technology, marketing and industry trends. She has an unending passion for learning and loves to explore new stuff.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.