Browse
 
Tools
Rss Categories

 Featured
Stagefright (Android vulnerability)

Reference Number: AA-00551 Last Updated: 2015-09-04 14:33

An Android vulnerability dubbed "Stagefright" was discovered in July 2015 which affects devices running Android OS versions 2.2 (Froyo) to 5.1.1 (Lollipop). All affected devices are at risk of processing potentially malicious Multimedia Messaging Service (MMS) messages.

In the case where a vulnerable device receives a malicious MMS, the actual virus is only injected/loaded onto the device when either:

  1. The user manually opens the MMS
  2. The MMS is automatically processed (which is the case where the device’s MMS/SMS messaging application has the setting "Auto-fetching" enabled)

Over time certain device vendors may be releasing patches for certain handsets but it is recommended to practice caution e.g. disabling MMS auto-fetching and not opening suspicious MMS messages.  Please alert your field teams.

For examples of how to disable MMS auto-fetching in some of the more common messaging applications (e.g. Hangouts, Messages, Messaging and Messenger) see: https://blog.lookout.com/blog/2015/07/28/stagefright/.

Rss Comments
  • There are no comments for this article.