The “Stagefright” hole in Android – Follow to Get Secured

The “Stagefright” hole in Android – Follow to Get Secured

It’s become the “Stagefright” hole in the Android.

That’s a better name for an exploit than POODLE or LOGJAM – heck, it’s a better name than Heartbleed’ (although the bugs don’t really compare at all, whatever you may have read).

You can use a name like “Stagefright” in your press releases without being accused of hyperbole.

Unsurprisingly, then, that’s what researchers at Zimperium have done.

They found a bunch of security holes, now designated with seven different CVE numbers (CVE-2015-1538, -1539, -3824, -3826, -3827, -3828 and -3829).

Follow these steps to get secured from “Stagefright” hole in the Android

  • Try asking your device vendor whether a patch is available already. You may be able to get ahead of the game.
  • If you can’t get a patch right now, find out when to expect it so that you can apply it as soon as you can.
  • If your messaging app supports it (Messaging and Hangouts both do), turn off Automatically retrieve MMS messages.
  • If your device supports it, consider blocking messages from unknown senders if you haven’t already.
  • If your SMS/MMS app doesn’t allow you to turn off Automatically retrieve messages, consider simply switching back to Android Messaging, which does.

Unless your digital lifestyle hinges on MMS, we think that you will be able to live without it, and that blocking the auto-download of potentially booby-trapped MMS content is a great start.

Of course, even if you’ve turned MMS auto-downloading off, you still need to avoid clicking on suspicious MMSes – doing so would initiate the potentially dangerous download anyway.

So, if you see an MMS from a sender who’s never communicated with you before, consider deleting it.

And don’t forget that “Stagefright” isn’t specific to MMS messaging, but rather to the way Android renders the sort of content typically delivered by MMS.