The IT Support Centre would like to make Android users aware of the recent "Stagefright" vulnerability which has been identified on Android devices. This is a vulnerability that exists in all versions of the Android mobile operating system. Since the announcement of the vulnerability in late July, Google claims that users of Android 4.0 and above are protected. The following link explains the vulnerability in more detail: http://www.androidcentral.com/stagefright

As described on the site linked above, patches exist to resolve this problem however not all vendors are currently making the patch available. Until the patch is made available by all vendors, the steps below can be followed to help protect users from being affected.

- Blocking all text messages from unknown senders in the default text message handling app may mitigate this issue.

- If the default text messaging app does not allow blocking of senders, users may also disable the auto-retrieve feature for multimedia messages. This may prevent the autoloading of multimedia message service (MMS) content into Stagefright. Users can disable auto-retrieval of MMS messages by following the steps below.

Google Hangouts as default SMS:
1. Open Google Hangouts
2. Choose Settings
3. Select SMS
4. Scroll down and turn off Auto-Retrieve MMS

Google Messenger as default SMS:
1. Open Messenger app
2. Go to the right-hand side of the application and select the three dots
3. Choose Settings
4. Choose Advanced
5. Turn off Auto-Retrieve

Other (using default messaging app):
1. Go to Messages app
2. Select More
3. Select Settings
4. Select Multimedia Messages
5. Turn off Auto-Retrieve

Additional information:

http://www.kb.cert.org/vuls/id/924951

http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android

http://blog.zimperium.com/how-to-protect-from-stagefright-vulnerability