Many people have experienced stage fright at some point in their lives, such as in an elementary school play or while having to give a PowerPoint presentation in college. Now approximately 95% of Android devices are at risk of experiencing stage fright as well.
According to a recent article by androidcentral, “Stagefright” is a newly discovered exploit in the open-source-code Android operating system that affects the library called “libStageFright,” used by Android devices to interpret the content sent via Multimedia Messaging Service, or MMS. This vulnerability can even be exploited by a maliciously crafted MMS message without the user opening it, giving an attacker access to the user’s data, including contact list and photos. Because libStageFright dates back to Android 2.2 (Froyo), millions of Android devices are subject to this dangerous vulnerability.
According to an article from Fortinet, the vulnerability is found in the header of received Multimedia Messaging Service (“MMS”) messages. These headers include details such as total size and “box type.” The box type, at the core of the vulnerability, describes the different aspects of certain multimedia files such as a file type, media data, album cover, and so on.
Fear not. As with people, Android devices can eventually overcome Stagefright. Android partners such as Samsung and LG roll out updates with fixed patches to their cellular products in regular intervals.
In the meantime, users have a few options to protect themselves while they wait for patches. Android applications that use MMS messages, such as Hangouts and Messaging, can be hardened by unselecting “automatically retrieve MMS Messages.” This will prevent your device from automatically downloading MMS.
Howtogeek recommends the following instructions for disabling MMS auto-retrieval:
- Messaging (built into Android): Open Messaging, tap the menu button, and tap Settings. Scroll down to the “Multimedia (MMS) messages” section and uncheck “Auto-retrieve.”
- Messenger (by Google): Open Messenger, tap the menu, tap Settings, tap Advanced, and disable “Auto retrieve.”
- Hangouts (by Google): Open Hangouts, tap the menu, and navigate to Settings > SMS. Uncheck “Auto retrieve SMS” under Advanced. (If you don’t see SMS options here, your phone isn’t using Hangouts for SMS. Disable the setting in the SMS app you use instead.)
- Messages (by Samsung): Open Messages and navigate to More > Settings > More settings. Tap Multimedia messages and disable the “Auto retrieve” option. This setting may be in a different spot on different Samsung devices, which use different versions of the Messages app.
The article also recommends switching to third-party MMS applications such as Snapchat or WhatsApp, which do not harbor the vulnerability.