Story 2015-07-30 FZ53 95 percent of Android phones vulnerable to Stagefright remote MMS exploit

95 percent of Android phones vulnerable to Stagefright remote MMS exploit

by
Anonymous Coward
in security on (#FZ53)
story imageResearchers at security firm Zimperium identified a bug (really, a series of bugs) that puts some 950 million Android phones at risk of hacking, called it "the mother of all Android vulnerabilities." If you are an Android user, the chances that your phone is vulnerable are about 95 percent. No one has exploited the vulnerability and actually hacked someone's phone -- at least, not yet. The security firm shared the information with Google back in April, along with a suggested patch. Hackers could take advantage of it by sending you a multimedia message (MMS) containing malware. Once received, it would give them complete control over the handset and allow them to steal anything on it, such as credit card numbers or personal information.

The key to protecting your phone is to turn off automatic retrieval of multimedia messages. Open your default text messaging app, go to its settings and find the option for auto-retrieving MMS/multimedia messages. Uncheck that box, don't choose to retrieve or open multimedia messages from numbers you don't know, and you should be fairly safe.
Reply 5 comments

Unpopular opinion (Score: 0)

by Anonymous Coward on 2015-07-31 08:02 (#G08Y)

Quoting Bruce Schneier (https://www.schneier.com/blog/archives/2015/07/hacking_teams_p.html):
Hacking Team had no exploits for an un-jail-broken iPhone. Seems like the platform of choice if you want to stay secure.

I know it's an unpopular opinion but time and time again it seems that iOS is the most secure one of the three.

Re: Unpopular opinion (Score: 1)

by Anonymous Coward on 2015-07-31 12:16 (#G0XX)

So, having a device that the user has no control over is better? No.

Re: Unpopular opinion (Score: 1)

by wootery@pipedot.org on 2015-08-05 19:48 (#GHNQ)

Don't be a fanboy moron. The point being made was relating to which platform is the most secure, not which is best overall.

Re: Unpopular opinion (Score: 3, Insightful)

by axsdenied@pipedot.org on 2015-07-31 15:25 (#G1HJ)

Hacking Team had no exploits for Nokia 3310. Seems like the platform of choice if you want to stay secure. :-)

Re: Unpopular opinion (Score: 3, Informative)

by evilviper@pipedot.org on 2015-07-31 20:47 (#G2FQ)

Hacking Team had no exploits for an un-jail-broken iPhone.
That's an extremely narrow anecdote that doesn't prove much of anything, just that the particular group mentioned doesn't happen put much effort into iOS. There's no denying there are LOTS of iPhone/iOS vulnerabilities. See:

* http://www.rapid7.com/db/search?utf8=%E2%9C%93&q=Apple+IOS&t=a
.
time and time again it seems that iOS is the most secure one of the three.
No, it doesn't seem that way at all:

"the vast majority of all mobile phone vulnerabilities that have been discovered so far have been found in Appleā€™s smartphones. The firm found 210 vulnerabilities in the iPhone, giving iOS an 81% share of known mobile phone vulnerabilities"
* http://bgr.com/2013/03/26/iphone-security-software-vulnerabilities-ios-397421/
.