department menu

Stagefright - the Android Remote Code Execution Vulnerability

Stagefright Affects the Android Mobile Operating System

What is Stagefright?

Stagefright is a new vulnerability found in the Android mobile operating system.  It is named after a medial "library" of tools named "stagefright".

How it works:

Stagefright is a remote code execution vulnerability.  This means that the Stagefright, (which is actually a collection of vulnerabilities), can allow an attacker to remotely execute an application on your Android 4.4 (KitKat) and 5.x (Lollipop)devices.   The vulnerable media library helps unpack multimedia message service (MMS) content, and helps the phone interpret the content of the message.  This means that an attacker can infect your device by merely sending you a malicious MMS message.  Once your Android device receives the message, the attacker is able to gain access to your device's data, phone, camera, microphone and other systems.  

What you need to know to protect yourself:

While Google has already released patches to close the vulnerabilities collectively known as Stagefright, it is up to phone manufacturers to push those patches out to their devices.  Unfortunately, what this means is that you are stuck waiting for the phone manufacturers, as very few of them have began the process of patching their devices.  It is recommended that you visit your manufacturers website to find out when they will be patching their devices.  

It's not all bad though -  you can help to protect yourself by turning off the "Automatically retrieve MMS messages" setting.  Instructions on how to do this can be found below.  In addition, if your device supports this feature, it is recomended that you block messages from uknown senders.