There’s been a lot of discussion around a recently discovered vulnerability with the Android Operating System. The vulnerability known as “Stagefright” can, if exploited, grant access to system and media privileges on an Android handset/tablet.
As soon as Optus was made aware of this vulnerability, we were in contact with Google and Android device manufacturers to determine the best course of action. We’re currently working with Google and device manufacturers to work through the software updates process to ensure an update is ready as soon as possible for our Android customers. You can also keep informed on the available software for your handset and what updates are currently being tested and/or being rolled out through our Android Software Updates page.
There’s no guaranteed way for you to protect your Android handset from the Stagefright vulnerability currently, but until you receive an operating system update there are ways to reduce the risk. These instructions will vary from handset to handset however should be able to be easily be adapted quite easily.
Disable MMS auto retrieval:
The main way to exploit the Stagefright vulnerability is to send the user an MMS which by default, will automatically download onto the handset. Switching the automatic download off may significantly reduce your risk. This can be done via settings > application settings > messages > multimedia messages > untick the “auto retrieval” feature.
Third Party Messaging Apps:
One of the most attractive features of Android is that almost everything is customisable. What this also means is you may have other apps that have the auto retrieval of MMS activated so it’s best to ensure you check which app your phone is using by default. Doing this is simple through settings > more (under the connections section) > default messaging app. You’ll then be shown which app your phone is using by default and can change it if you’d like. Otherwise, make sure you access the listed app and switch off the automatic retrieval of MMS within that as well.
Check to see if your handset is vulnerable:
As this vulnerability is in the midst of being corrected, your phone may have already received a system update to reduce vulnerability. Zimperium, the company that initially discovered the security flaw, has released an app that will check your handset and confirm if it’s vulnerable or not. The app can be downloaded through the Google Play store.
Remember that the above are suggestions only and won’t guarantee your handset will be completely safe. If at any point in time you receive a SMS or MMS from a number you don’t recognise and weren’t expecting it’s highly recommended you delete it from your handset immediately.
As new information comes to hand, we’ll keep updating this blog, however, if you have any additional questions please comment below and we’ll respond as soon as we can.