Protect Your Android Phone from the Stagefright Hack

Due to broad device compatibility for the OS and a strategy that focuses on the OS and not the hardware, Android holds nearly 80% of the mobile smart-phone market share. The downside of holding the mobile software market majority is that when a device-agnostic and OS-specific vulnerability is exposed, the user-base impact and potential PR-backlash is all the greater. Most recently a critical vulnerability has been discovered that puts nearly all Android OS users at risk.

Just Your Phone Number

By exploiting a vulnerability in Android messenger apps, all that’s needed for the new virus Stagefright to infect your phone is your phone number in the hands of a crafty hacker. Unlike with most malware, you don’t need to download a file, click a link, or even open the message to expose yourself to infection. Once you receive an infected multimedia message, hackers can get to work tracking your location, intercepting your data, or taking control of your phone’s audio or video capabilities.

How Stagefright Hack Works

The criminal would start by hiding the malware inside a multimedia message, usually a video clip. Then, all that is left to do is send the infected MMS to the target and it’s done. Once the targeted smartphone receives the message, it is already compromised before the “message received” notification even sounds offProtecting Your Android Phone - Dynamic Quest

Particularly troubling is the fact that the Stagefright virus manages to infiltrate the smartphone without any action from the phone user. By default, Google Hangouts and other text messaging aps instantly process received videos to make them readily viewable in the gallery. This allows the phone to display a preview of the video even before the user opens it.

Once rooted in the target phone, Stagefright enables the ne’er-do-well to gain nearly full control of the phone. Digital miscreants are using the virus to copy and delete data or files of their choosing, or creepily invade privacy by using the victim’s on-board camera and microphone and even record any video or audio that is captured. In essence, the hacker can virtually do anything with the phone… and do it all remotely.

The Simple Solution

Image Credit: Demonstration via Greg Baugues at Twilio Blog, - Dynamic Quest

More and more companies are recognizing the vulnerability and releasing patches and fixes as a response. It might take some time for all android smartphones to get the fix though so it is better to do what you can while waiting.

We suggest a quick and easy fix of disabling the auto-retrieve function in your messaging client. To deactivate the auto-retrieve MMS on Samsung Galaxy S6, for example, you would go to “Messages App > More > Settings > Multimedia Messages > Auto-Retrieve” and turn auto-retrieve off (shown in the example here).

Image Credit: Greg Baugues Twilio blog site:

Even if you are unsure whether or not your smartphone provider has already released a firmware update to prevent the Stagefright hack, we here at Dynamic Quest still recommend that you turn your Android’s auto-retrieve off just to be safe, and – at least in the short term – if you do receive a strange video text from an unknown number, delete it immediately. These are the best possible steps you can take to safeguard against the Android Stagefright hack, but certainly stay vigilant and check back here for updates since it’s impossible to know when a different variation of the malware might surface.

Do you have any questions about current malware, viruses, hacks, or network or device security? Is it time to talk about your continuity strategy and data protection? Or maybe you just aren’t sure? Wouldn’t it be nice if you had a friendly neighborhood technology epicenter overflowing with expertise and talent that could answer your questions with no expectations, fee or strings?  Well, as luck would have it, we have a mission-driven prerogative to improve our communities through supportive technology education and thought-leadership benefiting both our clients – past, present and future – and their clients – past, present and future. That said, we’re here and happy to help.  Just click the “Ask an Expert” button below to submit a question and we’ll get back to you with an answer.

Curious to learn more? Contact your local managed IT service provider?

Our Vendors