No program can be flawless, certainly not the behemoth of an Operating System that is the Android OS. Over the years, quite a few significant vulnerabilities in the Android OS have been uncovered, the latest one being the ‘Stagefright’ exploit which was found and announced by the folks at Zimperium. The exploit stems from a flaw in the library libStageFright that plays a role in multimedia playback.
While there are currently no reports of the vulnerability being exploited by hackers, the exploit could theoretically allow a hacker to gain access to the victim’s Android device by sending them an MMS message containing malware code. Since messaging apps on the Android OS automatically download multimedia that devices receive as part of an MMS, the victim would not even realize that they have been hacked. The Stagefright flaw puts close to a billion Android devices at risk as the issue resides within the Operating System itself.
While Zimperium itself has launched an app (the Stagefright Detector App) that determines whether or not an Android device is affected by the vulnerability and security patches are being doled out left and right, the average Android user would definitely want to do something on their own to protect themselves and their device. Well, the following are the steps an Android user needs to follow to patch themselves against the seemingly terrifying Stagefright exploit:
a) Open the Hangouts app.
b) Tap on the Hamburger menu (the three-layered icon) located at the top left of the app, right next to your profile picture and name.
c) Click on Settings
d) Select ‘SMS’ in the Settings menu.
e) Scroll down until you locate the ‘Auto-retrieve MMS’ option.
f) Uncheck the ‘Auto-retrieve MMS’ option, disabling it and withdrawing your permission for the device to download media from MMS messages in advance. Disabling the default messaging app’s option to auto-download media from MMS messages will actively eliminate the Stagefright vulnerability from any Android device.
The majority of Android users have switched to Hangouts as their default messaging app. However, fear not those who use apps other than Hangouts to send and receive messages. All anyone who uses a messaging app other than Hangouts needs to do in order to protect their device from the Stagefright exploit is navigate to the settings of their messaging app, find the MMS settings and locate and disable the ‘Auto-retrieve MMS’ option.