The Android vulnerability known as StageFright has revealed the Android operating system’s “heart of darkness.” In theory, a simple MMS could take over your phone.
F-Secure Labs is actively monitoring for threats that target the vulnerability. The good news is that while the theoretical risk of attack is high and Android is consistently the target of nearly all mobile malware, we have not yet seen any active attacks that target it.
But this is still a huge event that should trigger a major reconsideration of Android security in general.
Android is the most widespread operating system on this planet. 48% of the devices shipped in 2014 were Androids (Gartner), and that includes phones, tablets, laptops and desktop computers. There are over 1 billion active Android devices (Google’s device activation data). Most of them are vulnerable to Stagefright and many of them will never receive a patch. This is big!
The ability to keep software updated is the essential task that makes security possible. Android’s adaptability has helped lead to its remarkable growth. But it’s also led to remarkable fragmentation in the ecosystem.
“Recent data from Google suggests there are 6 different versions of Android that are widely used, with KitKat (Android 4.4) being the most popular. But it’s used by less than 40% of devices,” Adam wrote on the F-Secure Business Insider blog. “The remaining 60% or so are spread out among the other five versions of the OS, and each is customized differently and receives varying levels of support from operators and OEMs.”
Many users cannot update at all.
“Apparently the best supported method of updating your Android phone is to buy a new Android phone,” F-Secure Chief Research Officer Mikko Hypponen tweeted.
Obviously that option isn’t available to millions of Android users.
“Fragmentation also has socioeconomic implications,” the EFF’s Cooper Quintin wrote. “Older and cheaper phones tend to run older versions of the Android operating system, and vendors often give up supporting them or updating the software running on them. On the other hand newer and more expensive phones tend to receive updates faster and more reliably (especially Google Nexus devices).”
1. Examine the app that handles your MMS messages.
Check your Android device’s default messaging app or Google Hangouts, and make sure to disable their automatic MMS retrieve/fetch options. This prevents a potential exploit in a received message from being processed automatically.
2. Avoid viewing or opening any pictures or videos from untrusted sources.
We’ll keep you updated about this situation as it develops.