Time To Quit MMS? “Stagefright” Code Leaves Devices Vulnerable To Malware And Hacking

In the age of LTE and HSPA, there is absolutely no reason to use MMS.

For those who still do, however, now may not be a good time to open and run media sent through MMS: Stagefright, a code in the Android kernel used in the playback of multimedia files can be exploited to send malware into a device. In short, a hacker can infect your device via MMS, no thanks to a code that’s very much a part of the Android system.

According to Android security news sources, this loophole leaves users of Androids on version 2.3 and up very vulnerable to the bug and the exploits that could be run with it. This means that estimated 940 Million Android devices are vulnerable.

The mechanism is this: When a user receives and plays an MMS with malware riding on the Stagefright bug, the malware will be deployed to any or every part of the Android system where Stagefright has permissions. And if the malware has a function to replicate itself and sends to one’s contacts, then it has the potential to infect your contact list’s phones, too.

Google classifies this vulnerability as “very high risk.” While Google has already released a patch for the vulnerability to the different smartphone makers, it is no longer Google’s responsibility to ensure that the patch will reach the end users’ devices. The tech community observes that the fact that Android device makers add code on top of the Android into their stock OS makes the creation of patches for the devices a possible logistical and coding nightmare.

More than that, the fact that the 950 Million devices are divided in the Android version that they use, also contributes to the difficulty in rolling out a patch to address the vulnerabilities in all those 950 Million devices.

In any case, the end users could just avoid opening questionable MMS files, never get started using MMS in the first place, or quit using MMS altogether.