Skip to main content

How to check & protect against the “worst Android vulnerability” ever, Stagefright

When mobile security researchers recently discovered what they described as the “worst Android vulnerability in the mobile OS history,” there appeared little you could do about it beyond waiting for your carrier or manufacturer to push Google’s fix. The exploit could auto-run as soon as you received an MMS designed to trigger it, whether or not you opened the message.

The same researchers have now created an app that allows you to check whether or not your devices has been patched against Stagefright, together with a step you can take to prevent the exploit from running automatically … 

You can prevent the malware from auto-running on receipt of an MMS by disabling auto-fetching of MMS content. The Lookout blog put together instructions for doing this:

  • Open Hangouts
  • Tap the menu button in the top left corner
  • Tap Settings
  • Tap SMS
  • Scroll down and uncheck ‘Auto retrieve MMS’

If instead you use the Messages app:

  • Open Messages
  • Tap the menu button top-right
  • Tap Settings
  • Tap ‘Multimedia message (MMS)’
  • Uncheck ‘Auto retrieve’

You can find screengrabs, together with instructions for other messaging apps, over at the blog post.

Once you’ve done this, you’ll be protected so long as you take the obvious precaution of not manually opening any MMS message you weren’t expecting, even if it’s from a known contact.

Via Engadget

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel