Stagefright Bug: What Android users should know -
Updated August 10, 2015
anyone using a smartphone with Android 2.2 or later must be aware of a major security flaw that was discovered that could allow an attacker to take control of your phone while sending you a text message. According to Fortune, they call it "heartbleed Mobile", which should be enough to indicate the severity of this bug Essentially the bug. - Who is nicknamed Stagefright after the name of the multimedia library where the bug was found in the Android code - allows an attacker to send a malware-laced multimedia message (MMS) to your phone and immediately access
the Stagefright media library works to help interpret the phones MMS content (such as videos,. photos, audio, etc.), and most phones are set to automatically download the content when a message is received. this means you do not need to do anything on your end for this hack to work, which is what makes it so dangerous. Every criminal must do is have your phone number and they can get into your phone and steal data and photos, divert your microphone and camera and more. the worst part? This mobile security issue has been around for five years, as reported by Fortune.
Which Android devices are vulnerable?
All based phones version 2.2 applications running or more are potentially vulnerable, however, the most vulnerable are those who are running a software version that predates Jelly Bean (4.1). This represents 11% of phones currently on the market, but overall about 95% of Android devices - about 950 million - could be at risk. The reason those after Jelly Bean are more protected Google has started adding extra security to help prevent against the types of operations that could be used for this type of attack. That said, all users of Android smartphones should be on alert.
How can I protect myself against the bug Stagefright?
Due to the nature of this bug, an attacker could send a message to your phone and infect, steal your contacts list, delete the evidence and continue to do the same on phones of all your contacts without anyone's knowledge. Google already has patches that correct this fault, but it is manufacturers and wireless providers to deploy patches to device owners before this will be fixed completely. That said, there are some things you should do now:
1. Contact your manufacturer. Or visit the website or call the customer service and know when the patch will be available - or is already - and how it will be delivered to your device. Unfortunately, manufacturers may be slow in deploying patches for security vulnerabilities, but we hope that the severity of Stagefright stimulate more action faster than they normally would.
2. Change your email settings. Whatever the messenger you use, be it own your manufacturer email program, Google Hangouts or other messaging application attached to your phone number, you can disable the setting that allows your phone to automatically download MMS messages. It's a little different for each type of messenger, but in general, you need to access the settings in the email program and there will be a box labeled you can uncheck "Automatically retrieve MMS messages."
view MMS settings screen for LG Android Messenger app
3. Update the software of your phone ASAP . When a patch or update is available for your phone software, install it immediately. Sometimes it is tempting to put off these updates, especially because they may take some time and interrupt the flow of your day while your phone is temporarily unavailable. But given the potential risk the bug Stagefright could do, it is better to be temporarily inconvenienced than risk your mobile security.
For more information on protecting your mobile devices and your computers against viruses and hackers, visit our Web reviews of security software.
0 comments:
Post a Comment