75

Android’s StageFright Vulnerability


What is StageFright

A mobile security researcher recently uncovered a vulnerability in the Android operating system which can open it up to exploitation.

This vulnerability can be triggered without any user interaction whatsoever or simply by opening a Multimedia Messaging Service (MMS) text causing the device to become compromised.

How to protect yourself

Minimize risk associated with an MMS by:

  • Launching your native text messaging application
  • Tapping on settings and look for the “Multimedia Messaging service”(MMS) heading
  • Disable “Auto-retrieve” (or Auto-fetch) MMS by removing the check mark

Rest assured that by disabling “auto-retrieve MMS,” you’re not also disabling the ability to receive them. You can still download MMS on a per message basis from your most trusted contacts and sources.

App Steps
Google Hangouts
  1. Navigate to Account > Settings > SMS
  2. Uncheck Auto retrieve MMS
Google Messenger
  1. Tap the three dots in the top right corner of the screen
  2. Navigate to Settings > Advanced
  3. Uncheck Auto retrieve
Samsung SMS
  1. In the Messages app, navigate to More > Settings > More Settings > Multimedia messages
  2. Uncheck Auto retrieve
LG SMS
  1. In the Messages app, tap the three dots in the top right corner of the screen
  2. Navigate to Settings > Multimedia messages
  3. Uncheck Auto-retrieve
HTC SMS
  1. In the Messages app, tap the three dots in the top right corner of the screen
  2. Navigate to Settings > Multimedia messages (MMS)
  3. Uncheck Auto-retrieve

You can access a simulator walkthrough for these steps and even more devices on our Software Update support page.

What TELUS is doing to  help protect our Customers

Protecting our customer’s information is our top priority. TELUS has engaged Google and device manufacturers to ensure we are on top of any developments.

It is always a good idea to keep your phone’s operating system updated and install continue installing any available security patches provided by your phone’s manufacturer as they become available.

Manufacturers will continue patching this vulnerability and we will make it our priority to test and push out updates as they are made available to us. We should note that some devices may not be supported by the OEM.

Here is a list of devices with planned updates at this time:

OEM Model Target Release
Alcatel Idol 3 August 27th
Alcatel Pop Icon September 3rd
Alcatel Idol X+ September 3rd
Alcatel Pop 8 September 3rd
HTC One M7 Delayed by OEM
HTC One M8 Delayed by OEM
HTC   One M9 Delayed by OEM
HTC Desire 320a August 24th
HTC Desire 601 August 28th
LG Nexus 4 Completed
LG Nexus 5 Completed
Motorola Nexus 6 Completed
Motorola Moto E September 4th
Motorola Moto G August 24th
Motorola Moto X September 4th
Samsung Galaxy S5 August 11th
Samsung Galaxy S5 Active August 11th
Samsung Galaxy Alpha August 21st
Samsung Galaxy Grand Prime August 21st
Samsung Galaxy S6 Completed
Samsung Galaxy S6 Edge Completed
Samsung Galaxy S4 August 28th
Samsung Galaxy Note 3 August 30th
Samsung Galaxy Note 4 August 11th
Samsung Galaxy Core September 4th
Samsung Galaxy Tab S 8.4 September 4th
Samsung Galaxy Tab S 10.5 September 4th
Sony Xperia Z3 August 14th

.What if my device is not on the list 

We are working with our OEM partners to provide you with the most up-to-date information. Please keep an eye on this page – we will be updating the device list regularly

Haven’t registered for the Neighbourhood yet? Register here to stay on top of the latest news and topics.

Post originally published on the TELUS Neighbourhood.