As a developer and former information security engineer myself, I often feel a mix of angst and appreciation for the ingenuity behind modern social engineering attacks. Something along the lines of, “There goes those silly hackers again - stealing identity and financial data. What havoc did they wreak and how did they do it this time?”

Stagefright is believed to be the worst Android vulnerability ever, and it is believed this affects approximately 95% of all Android devices in use today. Attackers can steal data from infected phones, as well as hijacking the microphone and camera. The worst part is that hackers only need to guess your phone number to infect your device. In fact, advanced malware can deliver its payload via multimedia message (MMS) and delete the message before you even see it!

Now that is impressive! We all love to send and receive pictures via text message, right? That is why the default configuration is to automatically download images and, in this case, a potential virus.

So how do you combat Stagefright?
 

Windows Phishing Settings


? At a minimum, disable the setting to "automatically retrieve" MMS messages. For most this can be done by opening "Messaging" (like you were going to text someone) -> tap settings icon (3 dots in upper right corner) -> DISABLE Auto-retrieve (under Multimedia (MMS) messages). 

 
? You can still receive multimedia messages but you will see a ‘download’ option shown instead of the message. If it is from someone you know you can download and view the message.

? There is a StageFright Detector App available in the Play Store that you can use to detect vulnerabilities.

? Other options are also recommended like using alternative apps as the default application for MMS messages.

? Check with your phone vendor to see if a patch is available. There are reports that some devices such as the Sprint variant of the Samsung Galaxy Note 4 are already getting updated with a patch to address the vulnerability (as of Aug 3rd).


paul.schroeder@magenium.com