Security researchers are reporting new, serious vulnerabilities that, they claim, affect 95 percent of the Android phones out there.
If that’s not alarming enough, according to the researchers, these vulnerabilities allow attackers to take complete control of your phone with zero interaction—you just need to receive a specially-made multimedia message (MMS).
They’re calling this cluster of vulnerabilities “Stagefright.”
The good news is the researchers say they have worked with Google and there are now fixes available.
But, and here’s where this situation gets much, much worse—there’s a catch.
In short, once more we are confronted with the ongoing quandary of if, when and how Android customers can get security fixes for their phone.
As I discussed last month, just because security fixes are available for Android doesn’t mean they’ll be available to your specific phone and version of the OS. And even when fixes are available, there are still questions around the ability to actually get them on your phone.
Based on this, what can you do to protect yourself? First, disable your phone’s MMS. Trend Micro researchers have shown that this can help protect against attempts to attack these vulnerabilities. So until you have a fix for this problem, that’s a good step to take. If you don’t use MMS, then you should disable that feature and keep it disabled. There’s no reason to keep something turned on if it isn’t used.
Taking the time now to disable a feature you don’t need or use is good advice in general as more security problems emerge and this precaution can prevent problems down the line. As we saw with Microsoft Windows, there can be serious security problems with multimedia files. Now, that attackers are turning their attention to multimedia files on Android, it’s very likely that we will see other problems like this in the future.
Sadly, this episode is only the latest reminder that Android is a platform with significant security challenges. As we reported in our Q1 2015 Threat Report, we saw Android malware and high-risk apps spike to the 5 million mark in March 2015.
This means that in addition to always running security software on your Android device, you should disable features and services that you don’t use or need, just like with Microsoft Windows.
How to Turn Off Auto-receive for MMS
One thing you can do to help protect yourself against the MMS (multimedia messages) vulnerability in Android, is to turn off the auto-receive for multimedia messages in your default messaging (text) application.
Here’s an example from a Samsung Note 3 smartphone, using Android 5.0 (Verizon is the carrier). Your default messaging/text application settings may differ.
1. To discover which app you’re using as your default messaging app, tap the Settings app on your Android device. The Settings screen opens.
2. Scroll down to your Default applications menu item and tap it.
3. In the Messages section, view the name of your default messaging app, then close the Settings.
4. Locate your default messaging app on your device screen and tap it to open it.
5. Now tap the Menu/Settings icon or button on your smart device.
6. In the popup menu, tap Settings.
7. Tap Multimedia messages.
8. In the Multimedia messages screen, uncheck Auto retrieve.
9. Check MMS alert to receive alerts when the mode changes to a multimedia message.
10. Tap the back-arrow twice to return to the main screen for receiving your messages.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.