A vulnerability has been detected in the operating system for Android devices, which can be exploited to take complete control over a device. One such method of attack is through a specially crafted MMS message: by knowing a user’s phone number, the vulnerability allows the attacker to compromise and obtain full access to the device, including all apps and content, and incl. the camera feature, without the user knowing. The specially crafted MMS message does not cause the phone to ring and does not require the user to take any action in order to activate.
Affected Operating Systems
Android devices version 2.2 and after
Please update to the latest patch provided by your vendor; please note that Google may release a second patch in September as the first one may not have fully addressed the vulnerability. Below are a few major service providers informing users of their timeline for updates and instructions.
- TELUS: http://forum.telus.com/thread/54211/category/top/board/Mobility/android-s-stagefright-vulnerability
- Rogers: http://communityforums.rogers.com/t5/forums/forumtopicpage/board-id/Android/thread-id/32172
- Fido: http://forums.fido.ca/t5/forums/forumtopicpage/board-id/Smartphones/thread-id/23746
- Koodo: https://community.koodomobile.com/koodo/topics/androids-stagefright-vulnerability-dps4w9nn887vh
Other key suggestions
- Turn off auto-downloading of MMS/SMS messages
- Block messaging from unknown contacts
- Contact your device manufacturer and/or Internet Service Provider (ISP) for patch availability inquiries, etc.