Epic Android Vulnerability – What does it mean for you?

  • Posted on: July 28, 2015
  • Posted in: Android, Data Privacy, Mobile Security, Security, Vulnerabilities
  • Posted by: Christopher Budd (Global Threat Communications)

Security researchers are reporting new, serious vulnerabilities that, they claim, affect 95 percent of the Android phones out there.

If that’s not alarming enough, according to the researchers, these vulnerabilities allow attackers to take complete control of your phone with zero interaction—you just need to receive a specially-made multimedia message (MMS).

They’re calling this cluster of vulnerabilities “Stagefright.”

The good news is the researchers say they have worked with Google and there are now fixes available.

But, and here’s where this situation gets much, much worse—there’s a catch.

In short, once more we are confronted with the ongoing quandary of if, when and how Android customers can get security fixes for their phone.

As I discussed last month, just because security fixes are available for Android doesn’t mean they’ll be available to your specific phone and version of the OS. And even when fixes are available, there are still questions around the ability to actually get them on your phone.

Based on this, what can you do to protect yourself? First, disable your phone’s MMS. Trend Micro researchers have shown that this can help protect against attempts to attack these vulnerabilities. So until you have a fix for this problem, that’s a good step to take. If you don’t use MMS, then you should disable that feature and keep it disabled. There’s no reason to keep something turned on if it isn’t used.

Taking the time now to disable a feature you don’t need or use is good advice in general: as more security problems emerge, this precaution can prevent problems down the line. As we saw with Microsoft Windows, there can be serious security problems with multimedia files. Now that attackers are turning their attention to multimedia files on Android, it’s very likely that we will see other problems like this in the future.

Sadly, this episode is only the latest reminder that Android is a platform with significant security challenges. As we reported in our Q1 2015 Threat Report, we saw Android malware and high-risk apps spike to the 5 million mark in March 2015.

This means that in addition to always running security software on your Android device, you should disable features and services that you don’t use or need, just like with Microsoft Windows.

How to Turn Off Auto-receive for MMS

One thing you can do to help protect yourself against the MMS (multimedia messages) vulnerability in Android is to turn off auto-receive for multimedia messages in your default messaging (text) application.

Here’s an example from a Samsung Note 3 smartphone, using Android 5.0 (Verizon is the carrier). Your default messaging/text application settings may differ.

1. To discover which app you’re using as your default messaging app, tap the Settings app on your Android device. The Settings screen opens.

2. Scroll down to your Default applications menu item and tap it.

3. In the Messages section, view the name of your default messaging app, then close the Settings.

4. Locate your default messaging app on your device screen and tap it to open it.

5. Now tap the Menu/Settings icon or button on your smart device.

6. In the popup menu, tap Settings.

7. Tap Multimedia messages.

8. In the Multimedia messages screen, uncheck Auto retrieve.

9. Check MMS alert to receive alerts when the mode changes to a multimedia message.

10. Tap the back-arrow twice to return to the main screen for receiving your messages.

Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.
