Will Stagefright kill Android?
0
Howard DeAlvarado
Will Stagefright kill Android?

stagefright
I’ve been a big fan of Android phones since day one. I went from using a Blackberry to an Android and never looked back. Of course with features and versatility comes risk. Over 950 million Android phones are out there being used every day. We store our phone numbers, e-mails, calendars, private notes and all kinds of other important data on our phones.

A security vulnerability that could hack, steal or even erase your data is a serious problem

So when a security vulnerability is found in the Android operating system that could hack, steal or even erase that data…that’s a serious problem. It’s called the Stagefright vulnerability (aka Heartbleed for Android).

It was found by Joshua Drake, a security researcher, back on April 9th. He reported it to Google and they released a fix shortly afterward to our wireless carriers. What can happen is a hacker sends you a multimedia message, or MMS, with a malicious code in it. Your phone automatically receives the message and interprets it without your permission. Bam you’re infected. What happens after that depends on what the hacker tells the code to do.

The question is, why haven’t we gotten this very important security fix yet? We haven’t received it, because our carriers are dragging their feet. The way the updates for Android work is like this; Google releases the update to the carriers, then they put the update into their own code and then release it to the public. Verizon, Sprint, T-mobile and all the other service providers from great to small have gotten this fix from Google, but as of today, not one has released it.

You would think that the security of 950 million customers would be a top priority
to these companies, but apparently not.

Maybe after few thousand angry letters they might listen. In the mean time, there are two options: Root your phone or simply change a setting.

Rooting your phone isn’t exactly easy and it comes with a risk. You are basically replacing the operating system of your phone. If you mess it up, you can ruin your phone. It voids your warranty to even try it. It’s definitely not for the non-tech savvy or the faint of heart, so for now, changing the setting is probably your best answer. Here’s how (UPDATE: If your phone has received the update to fix Stagefright you don’t need this. Check HERE to see if your phone is on the update list or install the Stagefright Detector app mentioned below to make sure):

How to turn off auto-receive for MMS:
1) Open your text messaging app on your Android phone.
2) Go to settings and find auto-receive MMS.
3) Turn it off.
4) Hit back to return to the app.

Here’s a quick tutorial if you need it:
http://www.greenbot.com/article/2954235/android/how-to-protect-yourself-from-the-stagefright-security-flaw.html

You can also try this one:
https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html

There is a minor inconvenience with turning this off. That is you will have to click a button to receive any attachment (pic, etc.) from a text. It will stop auto-receiving these attachments thus foiling any attempt to insert any malicious code to your phone without your knowledge. It is still possible to get infected if you click on an infected attachment, so be careful who you open attachments from. If you don’t know who they are, don’t open it. It’s basically the same rule for unrecognized e-mail attachments. When in doubt, leave it out!

If you have any questions regarding this or any other computer issue feel free to contact me via the Contact Us page or by e-mail. Safe (mobile) computing!

UPDATE: If you want to know if your specific phone is vulnerable there is a Stagefright detection app by Zimperium INC. Just go to the Play Store on your phone and search for “Stagefright detector app” or click the below link for more info.

https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector

Please note that the app DOES NOT fix Stagefright. Its only purpose is to tell you if you are vulnerable. The only way to fix it is by applying the update from your carrier when they release it. You can still greatly reduce your chances of infection by changing the MMS settings mentioned above. Cheers!

UPDATE 2: It looks like a few Android devices have been finally updated! Here’s a short list:

* T-Mobile Galaxy Note 4
* T-Mobile Galaxy S5
* AT&T Galaxy S6 & S6 Edge
* Verizon Note Edge and Note 4

If your device is on the list make sure you go to Settings>About device>Software update to get the update if you haven’t already.

UPDATE 3 : Here is a more up-to-date list of phones that have received the Stagefright fix so far:
http://www.androidcentral.com/list-devices-stagefright-patches

Is your cell phone safe?
0
Howard DeAlvarado
Is your cell phone safe?

7 tips on downloading mobile apps and increasing your phone’s security.cell phone security

It seems that almost everyone owns a smart phone. You can access the internet, e-mail, share files, play games and even print. All that information can be stored on your phone; does this mean we should be concerned about security? You bet.

Here are some ways to keep them out:

  1. You get what you don’t pay for.
    Most free apps you can download in the app store are sponsored in order to help pay for the app and its updates. Some use simple ads, while others gather information from your phone and sell it to marketers to pay the bills. Apps that you pay for are less likely to do this.
  2. Just say no to 3rd party apps.
    Some people have found ways around paying for apps by downloading them from websites. Stay away from this. Google and Apple both have security requirements in order to post an app in their stores. Websites don’t have these restrictions and the apps they offer may have been modified to include malicious code.
  3. Check the rating. Read the reviews.
    See what people are saying about the app. A good rating is not enough. Somebody may have noticed a problem with an app’s behavior and is trying to warn others.
  4. The less permissions, the better.
    You may notice when you are about to install an app that there are certain permissions that appear (iPhone users should check under Details before installing). Some apps need to access your phone’s account information, call history or the internet. Sometimes this is necessary for the app itself to function and other times it is not. Ask yourself if these permissions correspond with what the app is meant to do. The less permissions the app requires, the safer it is.
  5. Be careful when you update.
    Apps don’t always get better as they go. Sometimes the developer will release an update with bugs or the newer version may now have ads. Again, refer to the reviews to see who is unhappy about the newer version and why, before you decide to update.
  6. Install a mobile security app.
    If you are worried about the current state of your mobile device you can try installing a security app. ESET Mobile Security, 360 Mobile Security and BitDefender are among the best apps right now. They will allow you to scan for malicious apps, do a security check and some even help you recover a lost phone.
  7. Backup your data.
    Like the data on your computer, you should never keep it in only one place. Make sure you have a copy of your files, pics and music on your computer or a backup drive. If you’re not sure you can live without those files, back them up. Try Google Drive or Dropbox.

Still have questions or need help? Feel free to let me know at service@gocomputerace.com.