Here's what you can do to guard your Android phone against the Stagefright exploit

So, did the Stagefright vulnerability in Android frighten you? Publicized as one of the worst Android vulnerabilities ever found, the exploit could theoretically let attackers access your mobile device's data, camera, and microphone, as well as let them execute code remotely. In other words, Stagefright busts your smartphone or cellular tablet wide open with just a single malicious MMS message, the boogeyman inside it unleashed automatically by the message's very arrival.

Scary! However, the researchers at Zimperium who documented the exploit say there's no evidence of Stagefright being exploited by anyone so far, which is strange, considering the sheer scope of the bug.

While we can't realistically claim Stagefright's existence is nothing to worry about, we can still highlight a simple precaution anyone with an Android device can take to prevent potential attacks from occurring. It boils down to disabling automatic retrieval of MMS messages from within your messaging app. With that in place, as long as you don't download infected media files on your device, you will be good to go!

Here are the steps for four popular Android flagship smartphones - the Samsung Galaxy S6, the LG G4, the Nexus 6, and the HTC One M9. The instructions should apply to all devices from said manufacturers that have the same apps and user interface. That said, devices two or three years older may contain that precious "Disable MMS retrieval" switch in a different place, and it will be up to you to find it. Check out your Messages app for starters, and you might find it sooner than you think!



1. hmd74

Posts: 540; Member since: Jan 31, 2013

Flagships survive... others die :|

2. RebelwithoutaClue unregistered

Nope, you just need to uncheck the Auto-retrieve MMS setting in the smartphone you are using

5. marorun

Posts: 5029; Member since: Mar 30, 2015

Exactly, you just have to close the door. So it's not a vulnerability, it's just more propaganda crap. On the other hand, it's nice to know we can disable this, as it can cost you data when you roam to other countries.

3. natypes

Posts: 1110; Member since: Feb 02, 2015

After ICS, Google put in place some strong security measures; one of them is called Address Space Layout Randomization (ASLR). This security makes it more difficult for an attacker to guess the location of code, which is required for them to build a successful exploit. ASLR makes writing an exploit like trying to get across a foreign city without access to Google Maps, any previous knowledge of the city, any knowledge of local landmarks, or even the local language.

4. tonyv

Posts: 54; Member since: Mar 12, 2014

thanks for the tip

6. buccob

Posts: 2968; Member since: Jun 19, 2012

For those of you using Hangouts as SMS client, it is a similar process... Just go to Settings > SMS > uncheck "Auto-retrieve MMS"

7. isprobi

Posts: 797; Member since: May 30, 2011

Where are the instructions for my BlackBerry Passport?...........Never mind. I do not feel like I can trust my Nexus 6 anymore if ever Android was truly secure.

8. Plutonium239

Posts: 1213; Member since: Mar 17, 2015

Android never was truly secure and never will be, IOS is very insecure and Blackberry and Windows Phone are the most secure.

9. Mxyzptlk unregistered

Well one has a very small user base and the other is a blend of iOS and Android almost.

10. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Despite that, even during last year's hacking challenge, WP stood the test and had 0 and apple on the other hand didn't last the first day.

14. Plutonium239

Posts: 1213; Member since: Mar 17, 2015

Windows Phone has a larger user base than Blackberry and is not a blend of IOS and Android, it is its own unique thing.

15. isprobi

Posts: 797; Member since: May 30, 2011

But BB10 can do more. Like run Android apps safely in a virtual environment, truly multi-task like continuing to play video sound in the web browser while you go do something else like check email, use BlackBerry Balance to separate your phone into independent work and personal areas with different apps and rules, gather all your messages in one place (BlackBerry Hub) and let you open them without opening the app.

20. Plutonium239

Posts: 1213; Member since: Mar 17, 2015

Windows 10 Mobile will be able to run Android apps, please reference Project Astoria. Have you ever used Windows Phone 8.1? It has a way to do these things you say blackberry can do.

11. Tizo101

Posts: 539; Member since: Jun 05, 2015

good luck in guessing my number... some of us don't stick to the same number for too long.

13. isprobi

Posts: 797; Member since: May 30, 2011

What if I just start sending out malicious messages to all possible phone numbers. Eventually I will hit your number.

12. isprobi

Posts: 797; Member since: May 30, 2011

So these tips seem to be centered around not automatically downloading and opening a video. What if the message sounds interesting or appears to be from someone I know and I decide to open it anyway?

16. james2841

Posts: 167; Member since: Dec 10, 2014

If that happens then you have to get bomb grade uranium and tons of high pressure explosives, then give it to a monkey (optional) and run away. Or you could have the phone in bootloader mode and start a manual search and destroy operation and completely nuke the sectors or blocks that the malware is on, while restoring the nuked blocks with a copy from a backup. At this point the first option sounds better.

19. isprobi

Posts: 797; Member since: May 30, 2011

I will take the monkey route.

17. Phaze0085

Posts: 124; Member since: Sep 22, 2011

This kinda freaks me out, 'cause I got a few MMS's when I woke up this morning and I thought nothing of it. I downloaded one, but how would you be able to tell if you were attacked by this bug?

21. An.Awesome.Guy

Posts: 636; Member since: Jan 12, 2015

I guess you shouldn't take MMS messages from unknowns or hacker friends (if you have one).

18. tokuzumi

Posts: 1900; Member since: Aug 27, 2009

I wonder if Google is handling this for me? I ported my number to Google Voice, and use hangouts for messaging. Ultimately, this whole thing is just propaganda designed to incite fear, and distract from other things going on.

22. strudelz100

Posts: 646; Member since: Aug 20, 2014

Lol Android Problems. All users should EXPECT vulnerabilities in software written by an ADVERTISING and DATA MINING company like Google. Don't hear the Feds and Police whining about security on Android devices like they do about the iPhone's encryption that they still can't break. Folks actually believe Android is free? Actually you need to give up both your privacy and security.

