According to the Zimperium cyber security firm, around 95% of the Android devices out there are vulnerable, which means that the hackers can take control of these smartphones by just sending a simple picture messages (MMS). The details of this exploit have not been made public yet, but the hackers already know how this type of attack works, so we are expecting them to react soon and start taking control of every Android device they like.
We remind you that ZImperium is a security firm and their job is to discover vulnerabilities of Android OS and let the Google users know what they need to do in order to fix them. Without any doubts, a lot of hackers from all over the world will try to use this vulnerability in order to gain control to your Android device and this is why we’re going to reveal you how you can protect your device against these kinds of attacks.
How the exploit works
All the hacker needs to do is your mobile phone number. Once he finds out your mobile phone number, he will just need to send a MMS with a malicious code embedded into it. With other words, the hacker can send the MMS during the night, when you are most likely sleeping and take control of your Android device. After that, he can even remove all trackers of the attack and you will not even know that you were hacked.
Once you’ve received the Trojan file that’s inside the MMS, the hacker will be able to read messages, retrieve your login credential from websites or services, open the microphone of your device and access any file that you have stored on your mobile device.
Android Devices that are affected
This specific attack is exploiting a security loophop in the Android’s media library (Stagefright). We remind you that for the past 5 years Stagefright has been the default media library in Android. This means that this exploit will most likely compromise almost all Android devices that run Android 2.2 (Froyo) and above, including the Android 5.1.1 Lollipop.
When will the developers release a Fix?
Google has reacted pretty fast and already added a fix for the Stagefright exploit to Android’s code base. However, this doesn’t mean we’re safe, as we didn’t receive the fix on our Android devices yet.
In case you don’t know how an Android update works, we will tell you. First of all, Google is adding a new code to Android Open Source Project (which Google has done already). After that, Google is pushing the updated version to the manufacturers such as LG, HTC or Samsung. Then, the manufacturers spend months adding their own custom tweaks to the firmware before sending it out to the cellular carriers. Lastly, the carriers are releasing the new versions OTA (over the air) and it takes a while until all users get the update.
With other words, it takes a few months until a new update is reaching the Android devices.
How to protect ourselves against this dangerous attack
Since this particular exploit works by sending an MMS that is downloaded on your smartphone, the only way to prevent this kind of attack is to disable the MMS messages from your device. To do this, you will need to set your smartphone to not automatically download the MMS messages that it receives.
However, by doing this, you will need to manually download the MMS messages that you receive, but we’re pretty sure that this is a “small” price that you have to pay in order to keep your device secure.
To disable the auto-download of MMS messages, it will depend on the text messaging application that you are using.
In order to disable MMS auto-retrieve in the Hangouts messaging application, you will need to select Settings->SMS and make sure that that the “Auto retrieve MMS” option is disabled.
Samsung Messages Application
In case you are using the default Messages application on a Samsung smartphone, you will need to open it and select Settings->More Settings->Multimedia Message and disable the “Auto retrieve” feature. This way, the device will not download any MMS that it receives and instead, you will need to manually download it. In case you see a strange MMS from an unknown person, we suggest you to delete it right away and never download it.
Google Messenger Application
In case you are using the Google Messenger application, tap the three dotted menu button from the top right corner and select Settings. Here you will need to choose Advanced and make sure that the “Auto-retrieve” option is disabled.
By doing this, your Android smartphone will not automatically download MMS messages, which means that you will are safe from this new exploit.
Did you receive any strange MMS message lately?