950 million (and potentially over 1.1 billion) Android phones are vulnerable to a series of hacks, which include DOS, UI spoofing and stealing of user information.
One of these attacks is called Stagefright and it uses a unique multimedia message. Stagefright is an Android native media playback tool, so its internal weaknesses can lead to the demise of the entire system. The multimedia message that is sent to the victim contains a video with a code – but the code starts working without the user ever even opening the message or playing the video. The built in Hangouts app will do this for you – in the background. Your phone is conveniently multitasking away in the background while your data is exploited. Hangouts – or your native messaging app (!) wants to have the video or other multimedia file ready for you in your gallery. This is a nice little feature, but too risky to keep.
So to protect yourself from this, uncheck the “Auto retrieve MMS” option in your native messaging app.
Google rolled out a big security fix when this first became known, but it only fixed part of the problem. There are still sources saying that the Stagefright scare is not quite over yet. Patches are being sent out across the globe, but updates are slow and difficult to push and exploits are fast and nimble. It’s the eternal race it seems.
Google is being slow to respond in this case, even though this hack has gotten an unusual amount of attention from hackers. The potentially affected user base is ridiculously large.
One can only hope that Google is not too busy re-branding that they forget their core customer base: one seventh of the world’s population.