In a grim reminder of mobile technology risks when more and more e-banking and e-commerce activities are moving onto the app platform, the “Stagefright” vulnerability is expected to expose all Android users including Lollipop 5.1.1 to risk of being hacked.
Stagefright is a multimedia library for the Android OS and is present in all the versions of Android from Froyo 2.2. The security risk is mainly related to an insecure code in Stagefright.
The vulnerability therefore encompasses 95 percent of Android smartphones and tablets (nearly 1 billion devices) in use at present. It has been dubbed the worst vulnerability in the history of the Android mobile operating system, which was developed by Google.
Through Stagefright exploit, users can remotely take control of an Android device and access photos, cameras, private data and more. In Android devices that are running on Android versions older than JellyBean OS, hackers can gain control of the device, even if the MMS is not opened by the user. Moreover, on such devices, hackers will even be able to delete the problematic MMS without the consent of the user.
The Stagefright exploit is carried out by sending a malicious MMS to an Android device. However, the Android OS is unable to detect it as a security issue but only recognizes it as a video file.
Users of Google hangout are also vulnerable since the app may process the videos for quicker viewing and hence receiving the message on Google hangout may be enough to make a user vulnerable.
It appears that the solution is not very complicated. In order to prevent such a hack attack, users are only required to disable the automatic retrieving feature for MMS. One can go to “Messaging”, click on “Settings” and “Remove the check on Auto Retrieve”.