I’ve been a big fan of Android phones since day one. I went from using a Blackberry to an Android and never looked back. Of course with features and versatility comes risk. Over 950 million Android phones are out there being used every day. We store our phone numbers, e-mails, calendars, private notes and all kinds of other important data on our phones.
A security vulnerability that could hack, steal or even erase your data is a serious problem
So when a security vulnerability is found in the Android operating system that could hack, steal or even erase that data…that’s a serious problem. It’s called the Stagefright vulnerability (aka Heartbleed for Android).
It was found by Joshua Drake, a security researcher, back on April 9th. He reported it to Google and they released a fix shortly afterward to our wireless carriers. What can happen is a hacker sends you a multimedia message, or MMS, with a malicious code in it. Your phone automatically receives the message and interprets it without your permission. Bam you’re infected. What happens after that depends on what the hacker tells the code to do.
The question is, why haven’t we gotten this very important security fix yet? We haven’t received it, because our carriers are dragging their feet. The way the updates for Android work is like this; Google releases the update to the carriers, then they put the update into their own code and then release it to the public. Verizon, Sprint, T-mobile and all the other service providers from great to small have gotten this fix from Google, but as of today, not one has released it.
You would think that the security of 950 million customers would be a top priority
to these companies, but apparently not.
Maybe after few thousand angry letters they might listen. In the mean time, there are two options: Root your phone or simply change a setting.
Rooting your phone isn’t exactly easy and it comes with a risk. You are basically replacing the operating system of your phone. If you mess it up, you can ruin your phone. It voids your warranty to even try it. It’s definitely not for the non-tech savvy or the faint of heart, so for now, changing the setting is probably your best answer. Here’s how (UPDATE: If your phone has received the update to fix Stagefright you don’t need this. Check HERE to see if your phone is on the update list or install the Stagefright Detector app mentioned below to make sure):
How to turn off auto-receive for MMS:
1) Open your text messaging app on your Android phone.
2) Go to settings and find auto-receive MMS.
3) Turn it off.
4) Hit back to return to the app.
Here’s a quick tutorial if you need it:
You can also try this one:
There is a minor inconvenience with turning this off. That is you will have to click a button to receive any attachment (pic, etc.) from a text. It will stop auto-receiving these attachments thus foiling any attempt to insert any malicious code to your phone without your knowledge. It is still possible to get infected if you click on an infected attachment, so be careful who you open attachments from. If you don’t know who they are, don’t open it. It’s basically the same rule for unrecognized e-mail attachments. When in doubt, leave it out!
If you have any questions regarding this or any other computer issue feel free to contact me via the Contact Us page or by e-mail. Safe (mobile) computing!
UPDATE: If you want to know if your specific phone is vulnerable there is a Stagefright detection app by Zimperium INC. Just go to the Play Store on your phone and search for “Stagefright detector app” or click the below link for more info.
Please note that the app DOES NOT fix Stagefright. Its only purpose is to tell you if you are vulnerable. The only way to fix it is by applying the update from your carrier when they release it. You can still greatly reduce your chances of infection by changing the MMS settings mentioned above. Cheers!
UPDATE 2: It looks like a few Android devices have been finally updated! Here’s a short list:
* T-Mobile Galaxy Note 4
* T-Mobile Galaxy S5
* AT&T Galaxy S6 & S6 Edge
* Verizon Note Edge and Note 4
If your device is on the list make sure you go to Settings>About device>Software update to get the update if you haven’t already.
UPDATE 3 : Here is a more up-to-date list of phones that have received the Stagefright fix so far: