Home article search

How can I protect my Android device from Stagefright vulnerability?

Issue

  • Affects versions of Android 2.2 (Froyo) and newer, including 5.1.1
  • How to better protect vulnerable phones
  • ESET Stagefright Detector for Android

Details

Related vulnerabilities

CVE-2015-1538
CVE-2015-1539
CVE-2015-3824
CVE-2015-3826
CVE-2015-3827
CVE-2015-3828
CVE-2015-3829
CVE-2015-6602

 

Solution

The Stagefright vulnerability allows an attacker to remotely execute arbitrary code by sending a specific MMS (Multimedia Messaging Service) or by forging a multimedia file using a compromised website. The malicious code can run unnoticed even without opening a malicious MMS.

Affected Android versions: Android 2.2 (Froyo) and newer, including 5.1.1.

ESET Stagefright Detector

ESET has released a stand-alone app on Google Play that detects whether your Android device is protected from the Stagefright vulnerability. Click to view a screenshot.

For more information and to download the app, see the ESET Stagefright Detector page on Google Play:

ESET Mobile Security for Android does not detect or protect from Stagefright (see below for more information about protecting yourself from this vulnerability). MMS are controlled by the Android default messaging application and this vulnerability can only be resolved through the device manufacturer's release patches. 

How to better protect vulnerable phones

To find out if your phone is protected, check with the device manufacturer to see if patches have been distributed for it.

Follow these steps to better protect your device from this vulnerability (see below for illustrated instructions to protect your device.)

  • Ensure that automatic updates are enabled on your Android device to receive the latest patches from your device manufacturer or carrier
  • Block MMS from unknown senders
  • Disable automatic MMS retrieval in Messaging setup
  • Use a browser that is not vulnerable to Stagefright (for example, Firefox 38+)

Additional Resources

Are you still vulnerable to Stagefright? Get your Android device checked


 

How can I protect my device?

By default, Android devices download a video when received via MMS. In order to avoid device exploits like Stagefright, it is highly recommended to disable MMS auto-retrieve.

Depending on your Android version and the device model, the default SMS app may be called Hangouts, Messages, Messenger or Messaging.

 


Disable MMS Auto-retrieve in Hangouts

  1. Open Hangouts and tap the Menu button in the top left corner.



     
  2. Tap Settings.



     
  3. Tap SMS.



     
  4. Deselect the check box next to Auto retrieve MMS.


     


 

Disable MMS Auto-retrieve in Messaging

  1. Open Messaging, tap the Menu button in the bottom right corner and tap Settings.



     
  2. Deselect the check box next to Auto-retrieve.


 

Disable MMS Auto-retrieve in LG Messaging

  1. Open Messaging, tap the Menu button in the top right corner and tap Settings.



     
  2. Tap Multimedia message.



     
  3. Deselect the check box next to Auto-retrieve.


 

Disable MMS Auto-retrieve in Messenger

  1. Open Messenger and tap the Menu button in the top right corner.



     
  2. Tap Settings.



     
  3. Tap Advanced.



     
  4. Turn off the Auto-retrieve option.

 


 

Disable MMS Auto-retrieve in Samsung Messages

  1. Open Messages and tap MORE.



     
  2. Tap Settings.



     
  3. Tap More settings.



     
  4. Tap Multimedia messages.



     
  5. Turn off the Auto retrieve option.

 


Was this information helpful?