Reducing risk of being victimized by 'Stagefright'

Tak is on vacation this week, so it's time to open the mailbag. Please look for his latest article in the next issue!


I saw a news segment on TV about a virus that can affect hundreds of millions of smartphones in use today. They mentioned Google’s Android but not the iPhone. I use a smartphone but it is not an iPhone. Do I have to be concerned?

I was about to hit the door but vacation can wait as it is a staycation in our backyard paradise!

Before I address your question, I need to demystify smartphone operating systems. An operating system, “OS” for short, is the software that manages the hardware and the apps. It is analogous to your brain that gives the signal to, for example, to raise your right hand when you want to.

There are two major smartphone operating systems in use today. One is called “iOS” from Apple which runs their iPhone, iPad and iPod products; the other is called “Android” from Google.

While Apple’s operating system, iOS, runs only on Apple-manufactured mobile devices (smartphones and tablets), Google’s operating system, Android, is licensed to other mobile device manufacturers like Samsung, Motorola and many others. Manufacturers who license Android can brand their product to differentiate from a competitor’s mobile device –not only physical appearances but by how the screen looks (aka “skinning”). For example, Motorola has been branding their Android-based smartphones for Verizon as “Droid” and has skinned it in its signature style.

This is a similar arrangement with computers where Apple uses their own “OSX” operating system on the computers they manufacture while Microsoft licenses their “Windows” operating system to many different computer manufacturers.

I think the latest bug you are referring to is called “Stagefright” and since your smartphone is not an iPhone, chances are good that it is running the Android operating system, thus you are right to be concerned.

Stagefright is a vulnerability affecting Android devices where theoretically a hacker could gain access to a phone by texting an infected picture or video through a multimedia messaging service (MMS) app.

Other than to patiently wait for your device manufacturer or your mobile service provider to ready an update to patch the vulnerability, what can you do to minimize becoming a victim of Stagefright?

Go into your Android-based smartphone’s settings to turn off the auto-fetching or auto-retrieve feature of MMS. For step-by-step instructions, many with pictures, do a web search on "disable MMS auto-fetch." Alternatively you can take your smartphone to your mobile service provider's store and ask the staff to disable MMS auto-fetch for you.

Disabling this feature just means that it’ll take an additional step before you can see the picture/video that someone you know sent to you. Because a theoretical attacker who exploits the Stagefright bug could victimize you by just knowing your smartphone number, even after disabling MMS auto-fetch you should only click on the button to open the picture/video message if you recognize the sender.

And when you are notified that an update with a Stagefright-fixing patch is available for your device, make sure you install it!

Tak Sato

Business and technology strategist/consultant with 25 years of experience. Holds Bachelor of Science in Computer Information Science and MBA from Cleveland State University.

As founder of geek with a heart, "Hand-holding You in the Digital World", Tak helps Individuals, Seniors, Families, Small Businesses, Schools, and Non-Profits utilize appropriate technology in their personal and professional lives.

Read More on The Digital World
Volume 7, Issue 15, Posted 9:42 AM, 08.04.2015