2015.08.17 Android StageFright

What to expect and how to avoid it:

Android StageFright is a bug which exists in a part of Android (known as a library) called libStageFright.

When you receive a text message with attached media (an MMS or Multimedia Messaging Service message) with a video attachment, your phone automatically downloads and prepares the video for playback. This process can give the sender the ability to remotely do things to your phone. They can potentially take control of it, similar to a personal computer affected by a "bot-net" virus.

If you want more details, there is an excellent in-depth article on Android StageFright located here: http://www.androidcentral.com/stagefright

 

Important points:

Disabling the automatic download of the message is a good first step (see the link below for some tips on this process), but avoiding manual download is important too.

Hackers may try to send you messages and they may try to trick you into downloading the attack video.

Social engineering is common in malware distribution (e.g. "we can't deliver your package - please refer to the attached invoice").

Messages that contain videos are more likely to be personal in tone, so beware of messages from people you don't know that try to trick you into playing a video.

 

Example attack messages might include things like:

  • "I saw your kid hit that parked car - this is you isn't it?"
     
  • "Hey - I know you probably don't remember me, but we went to school together - I wonder what you look like now - if you want to see me check out this video?"
     
  • "Hey check this out! Your toilet is flooding!"

Do not be tricked into downloading and playing videos from unknown sources. Confirm the identity / legitimacy of the video before you risk playing it.

 

Guarding against the problem:

First, disable auto download of MMS messages (see the link below).

Then, continue to apply security updates to your phone's operating system when they are distributed (in accordance with your own best judgement and any applicable corporate IT policies of course).

Here is a brief article on the Telus website describing how to disable automatic download of MMS attachments (the primary attack vector currently known for this bug) on a variety of Android phones: http://telus.my/stagefright

Keep in mind - using a closed source phone might seem safer to some - but it's the open nature of Android that allows people to publish the details of these potential risks. Other "closed source" phone vendors could intimidate good people into not releasing the news - but the hackers will still have the information and the ability to make an attack, and the public may not know until it is too late.

 

If you need more help:

Contact your cellular service provider for technical support, advice, or confirmation that your phone has been updated to ensure it's secure.

 
