This notice is from the archives of The Notice Board. Information contained in this notice was accurate at the time of publication but may no longer be so.
An issue was recently discovered on Android devices which could expose the user to potential cyberattacks. It is characterized by a specially crafted text message which attaches multimedia (video, music, pictures) data to the communication. By default, Android tries to process this information in the background so that when you open it up, it doesn’t buffer or cause delays with seeing the content. When the android device is attacked, malicious commands are sent to the phone in the background and the user do not know they have lost control of the device. Risks of a compromise include stolen passwords, leaked contact information which are subject to attacks, data loss if files are stored on the device, and potential fraudulent transactions conducted in the user’s name without their knowledge or consent.
Unfortunately, fixes for android devices are pushed infrequently, but there are some steps you can take to prevent yourself from becoming a victim of this type of attack until your manufacturer releases an update.
There is an option in the text messaging application used to disable the automatic retrieval of MMS (multimedia) text messages. This allows you to determine if you trust the sender of the message before opening their communication. The steps for disabling may be slightly different for various versions of the Android operating system, but typically the user can find it by following these instructions.
Contact:
Diane Boyle | diane.boyle@uleth.ca | (403) 382-7180 | blogs.ulethbridge.ca/it-services/2015/07/29/android-phones-and-the-stagefright-vulnerability