How can I protect my Android device from Stagefright vulnerability?KB Solution ID: KB3751 |Last Revised: August 28, 2015
- Affected versions of Android
- How to better protect vulnerable phones
- ESET Stagefright Detector for Android
The recently disclosed Stagefright vulnerability allows an attacker to remotely execute an arbitrary code simply by sending a specific MMS (Multimedia Messaging Service) or by forging such a multimedia file using a compromised website. The malicious code can run unnoticed even without opening a malicious MMS.
Affected Android versions: Android 2.2 (Froyo) and newer, including 5.1.1.
ESET Stagefright Detector
ESET has released a stand-alone app on Google Play that detects whether your Android device is protected from the Stagefright vulnerability. Click to view a screenshot.
For more information and to download the app, see the ESET Stagefright Detector page on Google Play:
ESET Mobile Security for Android does not detect or protect from Stagefright (see below for more information about protecting yourself from this vulnerability). MMS are controlled by the Android default messaging application and this vulnerability can only be resolved through the device manufacturer's release patches.
How to better protect vulnerable phones
Additionally, to find out if your phone is protected you can make sure the device manufacturer has distributed patches for it. Contact the manufacturer or your carrier for more information.
The following items are some steps you can take to better protect your device from this vulnerability (also see below How can I protect my device for illustrated instructions):
- Ensure that automatic updates are enabled on your Android device to receive the latest patches from your device manufacturer or carrier
- Block MMS from unknown senders
- Disable automatic MMS retrieval in Messaging setup
- Use a browser that is not vulnerable to Stagefright (for example, Firefox 38+)
How can I protect my device?
By default, Android devices download a video when received via MMS. In order to avoid device exploits like Stagefright, it is highly recommended to disable MMS auto-retrieve.
Depending on your Android version and the device model, the default SMS app may be called Hangouts, Messages, Messenger or Messaging.
- How to disable MMS Auto-retrieve in Hangouts
- How to disable MMS Auto-retrieve in Messaging
- How to disable MMS Auto-retrieve in LG Messaging
- How to disable MMS Auto-retrieve in Messenger
- How to disable MMS Auto-retrieve in Samsung Messages
How to disable MMS Auto-retrieve in Hangouts:
Open Hangouts and tap the Menu button in the top left corner:
Deselect Auto retrieve MMS:
How to disable MMS Auto-retrieve in Messaging:
Open Messaging, tap the Menu button in the bottom right corner and tap Settings:
How to disable MMS Auto-retrieve in LG Messaging:
Open Messaging, tap the Menu button in the top right corner and tap Settings:
Tap Multimedia message:
How to disable MMS Auto-retrieve in Messenger:
Open Messenger and tap the Menu button in the top right corner:
Turn off the Auto-retrieve option:
How to disable MMS Auto-retrieve in Samsung Messages:
Open Messages and tap MORE:
Tap More settings:
Tap Multimedia messages:
Turn off the Auto retrieve option: