Tuesday, 28 July 2015
Stagefright vulnerability on Android
A few days ago, experts from Zimperium mobile security discovered a vulnerability which they named 'Stagefright'. The vulnerability allows an attacker to compromise Android devices by sending a malicious MMS. This MMS then executes code that can delete your messages before you even see them.
Below is how the attack works.
According to Zimperium's blog, as of now only Zimperium’s advanced Enterprise Mobile Threat Protection solution, zIPS, protects its enterprise customers from the Stagefright vulnerability; SilentCircle’s Blackphone is also protected.
Nevertheless, you can protect yourself from this attack by manually changing your phone's settings. Because the attack primarily uses MMS as its delivery platform, Android users can disable the MMS auto-retrieve setting (temporarily, until Google releases the official updates for it).
For Android's messaging:
Go to your Messages settings
Click on Multimedia Messages
By default, the 'Auto Retrieve' of MMS is checked
If you rarely use this function, I recommend that you uncheck this option.
For Google Hangouts:
Go to your Google Hangouts account
Uncheck the 'Auto retrieve MMS' setting.
With auto-retrieve disabled, you are protected from this MMS-delivered attack. However, if you use another messaging platform or app to send or retrieve SMS/MMS, I recommend that you check its settings and disable MMS auto-retrieval there as well.
Now we wait for the update/patch from Google.