Due to broad device compatibility for the OS and a strategy that focuses on the OS and not the hardware, Android holds nearly 80% of the mobile smartphone market share. The downside of holding the mobile software market majority is that when a device-agnostic and OS-specific vulnerability is exposed, the user-base impact and potential PR backlash are all the greater. Most recently, a critical vulnerability has been discovered that puts nearly all Android OS users at risk.
By exploiting a vulnerability in Android messenger apps, all that’s needed for the new virus Stagefright to infect your phone is your phone number in the hands of a crafty hacker. Unlike with most malware, you don’t need to download a file, click a link, or even open the message to expose yourself to infection. Once you receive an infected multimedia message, hackers can get to work tracking your location, intercepting your data, or taking control of your phone’s audio or video capabilities.
The criminal would start by hiding the malware inside a multimedia message, usually a video clip. Then, all that is left to do is send the infected MMS to the target and it’s done. Once the targeted smartphone receives the message, it is already compromised before the “message received” notification even sounds off.
Particularly troubling is the fact that the Stagefright virus manages to infiltrate the smartphone without any action from the phone user. By default, Google Hangouts and other text messaging apps instantly process received videos to make them readily viewable in the gallery. This allows the phone to display a preview of the video even before the user opens it.
Once rooted in the target phone, Stagefright enables the ne’er-do-well to gain nearly full control of the phone. Digital miscreants are using the virus to copy and delete data or files of their choosing, or creepily invade privacy by using the victim’s on-board camera and microphone and even record any video or audio that is captured. In essence, the hacker can do virtually anything with the phone… and do it all remotely.
More and more companies are recognizing the vulnerability and releasing patches and fixes in response. It might take some time for all Android smartphones to get the fix, though, so it is better to do what you can while waiting.
We suggest a quick and easy fix: disabling the auto-retrieve function in your messaging client. To deactivate MMS auto-retrieve on a Samsung Galaxy S6, for example, you would go to “Messages App > More > Settings > Multimedia Messages > Auto-Retrieve” and turn auto-retrieve off (shown in the example here).
Image Credit: Greg Baugues Twilio blog site:
Even if you are unsure whether or not your smartphone provider has already released a firmware update to prevent the Stagefright hack, we here at Dynamic Quest still recommend that you turn your Android’s auto-retrieve off just to be safe, and – at least in the short term – if you do receive a strange video text from an unknown number, delete it immediately. These are the best possible steps you can take to safeguard against the Android Stagefright hack, but certainly stay vigilant and check back here for updates since it’s impossible to know when a different variation of the malware might surface.
Do you have any questions about current malware, viruses, hacks, or network or device security? Is it time to talk about your continuity strategy and data protection? Or maybe you just aren’t sure? Wouldn’t it be nice if you had a friendly neighborhood technology epicenter overflowing with expertise and talent that could answer your questions with no expectations, fee or strings? Well, as luck would have it, we have a mission-driven prerogative to improve our communities through supportive technology education and thought-leadership benefiting both our clients – past, present and future – and their clients – past, present and future. That said, we’re here and happy to help. Just click the “Ask an Expert” button below to submit a question and we’ll get back to you with an answer.