Android OS is an open platform, but some cybercriminals misuse this good initiative of Google, by releasing bug infested applications risking security of the mobile devices.
Many new bugs are being discovered every year and are neutralised quickly, thanks to regular checks by Android engineers. But this latest Stagefright vulnerability is the most threatening to until date. It is said to have the potential to wreck havoc to close to a billion devices across the world.
What is Stagefright bug?
Security loophole -- now known as 'Stagefright media playback engine' bug -- is touted to be'the mother of all Android Vulnerability' and was discovered a few months back by mobile security firm Zimperium.
It is learnt that 'Stagefright media playback engine', which has been part of Android mobile OS since v2.2, can affect close to a billion devices. Unsuspecting users might might a get an MMS message riddled with malicious code, which when played will install a bug in the phone. Later a hacker can hijack the phone and take all the sensitive details.
Considering the severity of the effect it may have on Android phones (950 million plus devices), the company escalated the issue to Google. The search engine giant wasted no time and released the patch first to its Nexus series devices last week. Even Samsung has released the firmware (via AT&T and Sprint) and Alcatel have released the software patch to their flagship smartphones. Motorola, Sony, LG and HTC have also assured to release the update in August.
As of now, there are no reports of hackers taking control of the Android phones via Stagefright media player bug, but with the news of the vulnerability now becoming public and some of top smartphone makers yet to release the security patch to their device, there is a possibility that cybercriminals will try to trick Android phone owners via MMS messages.
Until the companies release the update the devices, users are advised not to open MMS from unknown senders.
Here is a tutorial on how to disable auto-video retrieving in numerous messaging app (courtesy, Motorola Mobility):
- Messaging (phone's default app): go to Settings. Uncheck "Auto-retrieve MMS."
- Google's Hangouts (if enabled for SMS; if greyed-out, no need to take action): go to Settings > SMS. Uncheck auto retrieve MMS.
- Verizon Message+: go to Settings > Advanced settings. Uncheck Auto-retrieve. Uncheck "Enable weblink preview."
- Whatsapp Messenger: go to Settings > Chat settings > Media auto-download. Disable all video auto downloads under "When using mobile data," "When connected on Wi-Fi" and "When roaming."
- Handcent Next SMS: go to settings>Receive message settings. Disable auto retrieve.