ul 28, 2015 · By Cheetah Mobile
Your android phone is facing another life-threatening challenge right now. According to a researcher from Zimperium, a vulnerability has been found in Android OS, making 95% of Android devices running version 2.2 to 5.1 of operating system has the potential to allow hackers to take total control over your phone with a simple picture message (MMS).
The vulnerability actually resides in a core Android component called "Stagefright," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs.
How It Works
A hacker only needs your phone number to take total control of your Android device by sending an MMS with the malicious code embedded in it. This means a hacker could take control over your phone, then remove all traces of the attack while you were asleep.
Once the Trojan file has been sent over MMS, the attacker can read your messages, retrieve your login credentials for various sites and services, operate your device's microphone, and access almost any file stored on your phone.
When Is a Fix Coming?
The sad news for most of the Android users is that the fix will not help Millions of Android users that owned older versions of the operating system that Google no longer supports, opening doors for hackers to perform Stagefright attack. For now, Google has already added a fix for the Stagefright exploit to Android's code base, but devices require over-the-air updates from companies such as Samsung or Motorola to update their customers' phones. So in the meantime, we'll need to take matters into our own hands.
What Else Can You Do?
Since the exploit works by sending an MMS that is automatically downloaded by your phone, the only way to prevent this attack is to set your phone to not automatically download MMS messages. Here, we outline the process for some of the most popular messaging apps below.
Samsung Messages App:
If you're using the default Messages app on a Samsung device, start by heading to the Settings entry in app's main menu. From here, select "More settings," then "Multimedia messages." Finally, disable the "Auto retrieve" option to ensure that potentially dangerous MMS messages are not automatically downloaded.
Google Messenger App:
With the Google Messenger app, start by tapping the three-dot menu button in the app's top-right corner, then select the Settings entry. From here, choose Advanced, then make sure the "Auto-retrieve" option is disabled on the next screen.
Hangouts App:
To disable MMS auto-retrieve in the Hangouts messaging app, head to the side navigation menu and select Settings. Next, choose the SMS entry, then scroll down a bit, and make sure that the "Auto retrieve MMS" option is disabled.
From now on, your phone will no longer download MMS messages automatically, meaning the exploit can't be triggered on your phone without your knowledge. But you should still be very careful about opening MMS messages, and in general, do not open an MMS message that came from a phone number you don't recognize. Also, if you are geek enough, you may want to visit CyanogenMod to find more solutions towards this flaw:https://github.com/CyanogenMod/android_frameworks_av/commits/cm-12.0
http://thehackernews.com/2015/07/android-phone-hacking.html
Share
