We rely on smart security devices to protect our homes: alarms, smoke detectors, video surveillance and such. But what if there was an underground tunnel right beneath your neighborhood, and all that a burglar needed to break into your home was the house number? Pure catastrophe, right?
With the unfortunate Stagefright vulnerability, we can think of an analogy where your Android smartphone is the home of your digital life, housing pictures, mails, personal notes and banking information. And what the virtual burglar needs in order to break in and steal information is the phone number alone. All of this is now possible because there is an ‘underground tunnel’ in Android’s native messaging applications that allows cybercrooks to barge in by simply sending a bogus video canned in an MMS.
Google engineers fixed the issue on their end, but the update will most likely have trouble making its way to more than 80% of the Android devices. Reason being, phone manufacturers are only offering updates to last generation phones, while leaving the majority completely in the dark.
The good news is that you can close the trap door to this vulnerability yourself: go to your default messaging application (Google Hangouts or Google Messenger) and turn off the Auto Retrieve MMS option. The sooner, the better.
However, changing this setting won’t fix the exploit entirely, but mitigate it greatly. It will make it impossible for one to silently & automatically execute an attack on your phone. Don’t forget you still need to be cautious when opening videos!
Avira is proud to be offering best in class protection for the Android devices, topping independent reviews and tests. Our engineering team is treating the Stagefright vulnerability very seriously and we are currently working on offering support and guidance to our users.