Question:I have an Android phone and just heard about a major security problem, so what should I do?
Answer: A number of newly discovered vulnerabilities in a central Android software component called Stagefright — which is used to play, process or record multimedia files — could affect up to 95 percent of Android users. About 1 billion phones run on the Google operating system, so a lot of people are vulnerable.
According to the security researcher who discovered the problem, any Android device running versions 2.2 through 5.1.1_r4 could be exploited through MMS or Multimedia Messaging Service messages.
Standard messages containing text only use the SMS or Short Message Service and are not part of the problem. Only rigged MMS messages can take advantage of this vulnerability.
If you open a malicious MMS message, you could provide complete access to your phone to hackers, allowing them to access anything on your phone or wipe everything out. So be very careful with an MMS message, especially if you aren’t sure who sent it.
Google is aware of the problem and has created a patch, but it could take a while before your phone receives the fix.
Why the delay? Google can’t directly send you the fix. The company must send it to phone manufacturers such as Samsung, LG, HTC and Sony. The phone makers then must work with the various carriers — Verizon, AT&T, Sprint, T-Mobile and so on — to deliver it to your phone.
This process could take days, weeks or months, depending on the type of handset you own and which carrier you use. If you’re running old software versions that are no longer supported, there might never be a fix.
With this in mind, waiting for the phone manufacturers and carriers to deliver the fix will leave you vulnerable, so here are a few things that can provide protection in the meantime:
Turn off the auto-download or auto-retrieval feature on your messaging app. This option is generally located in the Settings menu of whatever messaging app you use, which can be accessed from within each app. If you use more than one app, change them all.
If you can’t find a setting to turn off MMS auto-download, stop using the app. The danger comes when your phone tries to process a rigged MMS message, so preventing messages from getting onto your phone is the best way to protect yourself until a fix is installed. If you can’t figure out how to stop auto-downloads, switch to a different messaging app, such as Google Messenger (https://goo.gl/3gCHWV).
Download MMS messages manually, and only from people you know. Because any random hacker can target you simply by knowing your phone number, it’s extremely important that you pay attention to who is sending you messages. If you don’t recognize the number, don’t respond.
Stop using the Google Hangouts app on Android phones. This app will automatically process media when sent, which means you could be harmed even if you don’t view the file. Most people don’t use this app. But if you do, wait for Google to patch the app.
Ken Colburn is the founder and CEO of Data Doctors Computer Services, datadoctors.com. Ask any tech question at: https://facebook.com/DataDoctors or on Twitter @TheDataDoc.