
How can I protect my Android device from Stagefright vulnerability?

Issue

  • Affected versions of Android
  • How to better protect vulnerable phones
  • ESET Stagefright Detector for Android

Details

Related vulnerabilities

CVE-2015-1538
CVE-2015-1539
CVE-2015-3824
CVE-2015-3826
CVE-2015-3827
CVE-2015-3828
CVE-2015-3829
CVE-2015-6602

 

Solution

The recently disclosed Stagefright vulnerability allows an attacker to remotely execute arbitrary code simply by sending a specific MMS (Multimedia Messaging Service) message or by forging such a multimedia file using a compromised website. The malicious code can run unnoticed even if the malicious MMS is never opened.

Affected Android versions: Android 2.2 (Froyo) and newer, including 5.1.1.

ESET Stagefright Detector

ESET has released a stand-alone app on Google Play that detects whether your Android device is protected from the Stagefright vulnerability.

For more information and to download the app, see the ESET Stagefright Detector page on Google Play.

ESET Mobile Security for Android does not detect or protect against Stagefright (see below for more information about protecting yourself from this vulnerability). MMS messages are handled by the default Android messaging application, and this vulnerability can only be resolved through patches released by the device manufacturer.

How to better protect vulnerable phones

Additionally, to find out whether your phone is protected, you can check whether the device manufacturer has distributed patches for it. Contact the manufacturer or your carrier for more information.

The following are some steps you can take to better protect your device from this vulnerability (see also "How can I protect my device?" below for illustrated instructions):

  • Ensure that automatic updates are enabled on your Android device to receive the latest patches from your device manufacturer or carrier
  • Block MMS from unknown senders
  • Disable automatic MMS retrieval in Messaging setup
  • Use a browser that is not vulnerable to Stagefright (for example, Firefox 38+)

Additional Resources

Are you still vulnerable to Stagefright? Get your Android device checked

 


 

How can I protect my device?

By default, Android devices automatically download a video when it is received via MMS. To avoid device exploits like Stagefright, it is highly recommended to disable MMS auto-retrieve.

Depending on your Android version and the device model, the default SMS app may be called Hangouts, Messages, Messenger or Messaging.

 


How to disable MMS Auto-retrieve in Hangouts:

  1. Open Hangouts and tap the Menu button in the top left corner.
  2. Tap Settings.
  3. Tap SMS.
  4. Deselect Auto retrieve MMS.

How to disable MMS Auto-retrieve in Messaging:

  1. Open Messaging, tap the Menu button in the bottom right corner and tap Settings.
  2. Deselect Auto-retrieve.

How to disable MMS Auto-retrieve in LG Messaging:

  1. Open Messaging, tap the Menu button in the top right corner and tap Settings.
  2. Tap Multimedia message.
  3. Deselect Auto-retrieve.

How to disable MMS Auto-retrieve in Messenger:

  1. Open Messenger and tap the Menu button in the top right corner.
  2. Tap Settings.
  3. Tap Advanced.
  4. Turn off the Auto-retrieve option.

How to disable MMS Auto-retrieve in Samsung Messages:

  1. Open Messages and tap MORE.
  2. Tap Settings.
  3. Tap More settings.
  4. Tap Multimedia messages.
  5. Turn off the Auto retrieve option.
