Security: Stagefright Android Security Vulnerability - High Risk
Updated: 13 June 2016 10:24 AM

Attention Android users!

A vulnerability has been discovered in the Android operating system that allows an attacker to access data stored on your device or remotely install software merely by having your mobile phone number. This vulnerability is being referred to as “StageFright”. All Android based phones after and including versions 2.2 are vulnerable.

An attacker can use your mobile number to remotely execute code using a media file delivered via text message such as a picture or video message. You are especially vulnerable if you have your device configured to auto-download media in your messaging apps.

Recommended action

To prevent auto-downloading on your Android device, review the settings for your default SMS client.

  • Google Hangouts as default SMS:
    1. Open Google Hangouts
    2. Choose Settings
    3. Select SMS
    4. Scroll down and turn off Auto Retrieve MMS
  • Google Messenger as default SMS:
    1. Open Messenger App
    2. Go to right hand of application and select the three dots
    3. Choose Settings
    4. Choose Advanced
    5. Turn off Auto-retrieve
  • Other (using default messaging app):
    1. Go to Messages App
    2. Select More
    3. Select Settings
    4. Select Multimedia Messages
    5. Turn OFF Auto retrieve

This does not protect you from choosing to open or view unsolicited messages, webpages, links, etc. Safe surfing and texting habits still apply.

Click here to learn more about disabling auto MMS retrieval.