According to news reports published earlier this week, IT security experts have identified a vulnerability in Android’s operating system that allows someone to access your device, including all apps, content, and even your camera, using only your mobile number. The worst part? The owner of the compromised device won’t even know that it’s happened.
What is Stagefright?
Stagefright is being described as “a benign piece of software code that governs how some mobile devices receive and process certain media files.” An unknown user could exploit the vulnerability identified in this code to send a “specially crafted media file” to a device for which they know the number. The device owner may see a notification of a new message pop-up on their screen, but otherwise, everything else looks normal.
This is what makes Stagefright so scary. Unlike other phishing or suspicious email circulating around campus that require the user to open a file or click on a link to run the malicious software, Stagefright requires no action on behalf of the targeted device owner.
I’m an Android user – what should I do?
Android devices after and including version 2.2 are vulnerable. And while Google has pushed a patch to its partners for Nexus devices, manufacturers of other Android-powered devices have yet to follow suit. In the meantime, Android users can follow the below steps to protect themselves.
- Turn off auto-downloading of MMS/SMS messages
- Block messaging from unknown contacts
- Contact your device manufacturer and/or Internet Service Provider (ISP) for patch availability inquiries, etc.
Additional communications will be shared when more information is available.