musicMagpie Blog

Security experts have uncovered a new security flaw in Android that could leave up to 950 million devices vulnerable to hackers.

The flaw affects an Android media library called Stagefright, which processes media files, and allows hackers to access your device simply by sending malicious code disguised as a video via MMS.

Unlike regular phishing, though, you may not even need to open the video for the hacker to gain access. As soon as the video is received, Stagefright will process it and run the code on your device "" potentially granting the hacker access to your files, storage, cameras and microphones.

According to Zimperium, the company that discovered the vulnerability, a hacker could send a malicious message, install the code and delete the message without you even knowing.

While the flaw is serious, there have been no reported cases of hackers using the exploit and many of the scenarios outlined are worst case scenarios. Google, who are obviously keen to fix the problem as soon as possible, have also released patches for the issue. The patches will be available for Nexus phones first, with other manufacturers rolling them out later (as soon as possible, hopefully).

Another positive is that Android apps are "˜sandboxed', which means one app can't access data from another. This means the info a hacker can access is limited to the app which processed the video, although they may still be able to access your camera and microphone.

---

How you can avoid being affected by Stagefright

While there's currently no way to completely protect yourself from the Stagefright flaw (for now), there are a few steps you can take to make your device safer.

Disable MMS auto-processing in all messaging apps

The Stagefright flaw relies on your device auto-processing videos sent by MMS. Luckily, you can stop your device doing this quite easily. Simply go into the settings for your messaging apps and turn off "˜auto-retrieve MMS messages'. The way you go about this varies from device-to-device and app to app, but it should be relatively easy to find.

The main apps affected are stock messaging apps and Hangouts.

Be aware that disabling auto-processing will stop any malicious code processing automatically, but your device can still be hacked if you click and play an affected video.

Disable Google Hangouts

While disabling auto-processing MMS should be enough to keep you safe for now, you can also disable Google Hangouts for extra safety. Go to Settings > Apps > Hangouts, then tap "˜disable'. This will remove Hangouts from your device, but you can enable it again at any time by going back to the Apps menu in Settings.

Update your phone as soon as possible

Google have already put together some patches, but you won't be able to access them until your manufacturer decides to roll out new updates. There's no timescale on this, but we recommend downloading any new updates as soon as possible.