95% of Android phones can be hacked with one MMS, millions at risk


Information about the greatest threat that has been detected so far raises concerns among owners of Android phones: in April 2015, Zimperium zLabs reported six open holes in Google’s operating system. Moreover, the company also revealed to Forbes that although Google had sent patches to its partners, most vendors had yet to make them available to protect their customers. These vulnerabilities have been named after the worst Android vulnerabilities discovered so far.

Security researchers say 95% of Android devices, or about 950 million smartphones, are at risk . Older devices running Android versions lower than 2.2 are safe, as are gadgets running on Silent Circle’s recently developed Blackphone system, which has already been patched. Security updates for the Nexus phone will be released soon.

For hackers to infect your phone, they just need to know its number. They start by sending a special MMS to the phone. Unfortunately, you don’t need to open a message to become a victim because your operating system will do everything for you. A terrifyingly effective and discreet attack.

The vulnerability resides in the Stagefright software library . The Google Hangouts app is also affected as it processes video messages by default and thus activates the virus.

Once installed, the malware can remove the original MMS to cover all traces of it. The virus can spy on you through your device’s camera and microphone, post your data on the web, and do other unwanted things .

Recently, Google has prepared additional patches for its Nexus phones  and promised to release them soon. Unfortunately, if you are not the owner of such a device, you may never see a security update for your phone. The sad truth is that smartphone manufacturers don’t always and rather sluggishly deliver patches, especially if you have a phone that’s older than 18 months.

Meanwhile, the maker of CyanogenModa , the unofficial distribution of the Android operating system, recently released patches . Below are some tips on how to protect yourself if the manufacturer does not offer updates for your device.

  • You can root your Android device and turn off Stagefright. Then you will even be able to change the operating system.
  • You can buy a new secure smartphone (rejoice, manufacturers!) And forget about the matter until a new critical vulnerability is discovered.
  • Change the settings so that you do not receive MMS messages.

MMS vulnerability in Android – what is it and how to protect yourself

Whichever method you choose, you won’t be able to avoid inconvenience. The quickest way is to turn off automatic MMS download for the Hangouts app. It won’t take long:

  1. Open the Hangouts app.
  2. In the top left corner, click Options.
  3. Click Settings -> SMS.
  4. Uncheck the MMS Auto Download box in the Advanced section.

If you are using the default messaging application, you can do so as follows:

  1. Open the SMS / MMS application.
  2. Click Menu -> Settings -> General Settings
  3. Clear the Automatically download MMS messages box.

We hope that smartphone manufacturers will finally start taking this topic seriously. We can also encourage them by writing directly to their Twitter accounts.