Stagefright – Android malware

This past week, the mobile security firm Zimperium discovered a major vulnerability within the Android operating system. This vulnerability, nicknamed Stagefright, has the potential to impact around 950 million Android devices. This exploit is unique in that users do not have to do anything in order for the malicious code to be downloaded to their phones. Once a hacker has gained access, they can completely take over your phone, from stealing or deleting your data, to turning on your camera and microphone. Morning Edition on NPR has a good explanation of both the vulnerability and challenges with this security threat: Major Flaw In Android Phones Would Let Hackers In With Just A Text

Several smartphone manufactures and wireless carriers have already developed and deployed necessary patches to resolve the issue; others are actively working on a patch release. In the meantime, Android users can defend themselves in the following ways:

Turn off “Auto Retrieve MMS” in all messaging apps
The scariest part of this particular vulnerability is that the user does not need to open the message for the virus to be activated. Many androids are set to automatically download images and videos within messaging apps, the virus is automatically downloaded upon receipt. To avoid this, the Office of Information Security (OIS) recommends turning off “Auto Retrieve MMS” in all messaging apps. Instructions can be found on the Digital Trends website.

Enable automatic updates
Turning on automatic updates will ensure that patches are installed as soon as they are released. Patches are targeted at known vulnerabilities, so automatic updates help you to protect yourself from security threats. In fact, a recent security study done by Google found that the top practice recommended by security experts was installing software updates.

Never play a video multimedia text message (MMS) from anyone you do not recognize
Stagefright happens when message containing a video with embedded malicious code is received. As with emails, you should never click on any links or images in text messages from people you do not know. Remember, regardless whether it is an email or text message, opening messages from people you do not know can be dangerous.

Questions or concerns? Please contact the Office of Information Security at OIS@neu.edu.

For the latest news on security issues, visit the Office of Information Security website or follow SecureNU on Twitter. To stay updated with all things tech-related, please visit the ITS website or follow NortheasternITS on Twitter.

Related links:
ZDNet – Stagefright: Just how scary is it for Android users?
Twilio – How to Protect Your Android Phone From the Stagefright Bug

This entry was posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing. Bookmark the permalink. Both comments and trackbacks are currently closed.