Emerging Threats

Newly discovered bug Stagefright can secretly sneak onto Android phones via MMS text messages

Authored by a Symantec employee


​A new, extremely dangerous flaw dubbed Stagefright, has been discovered within the Multimedia Text Message (MMS) capabilities on Android phones running OS 2.2 and later. This appears to affect about 95 percent of android phones.

What does Stagefright do?

If you have Auto Download capabilities enabled on your text messaging application on your Android phone, an attacker can send an MMS, which can be a photo, video or other piece of media to the device containing malicious code, allowing the exploit to be executed without the users’ knowledge. Stagefright can then bypass the permissions on the phone, allowing the attacker to access other parts of the phone such as SD cards, cameras and anything containing personal data. All an attacker needs is a phone number, and once the text is sent, the vulnerability is then silently executed without any knowledge on the users’ part.

What can I do to be protected?

  • Visit your cell phone manufacturers’ website for details on whether a patch for this vulnerability is available.
  • You can also disable Auto Retrieve MMS based on which application is being used for text messages, such as Google hangouts or Google Messenger (which is the default messenger for Android phones). If you are using Google Messenger as your text messaging app, you can turn off Auto Retrieve by going into the settings of the app, advanced, and turn off Auto Retrieve. To ensure this is off, make sure the blue button is grey.
  • If you are using Google Hangout as your text messaging client, go to settings, advanced, SMS and uncheck Auto Retrieve SMS.

It is important to keep in mind, this is only a partial, temporary solution. Even with auto-retrieve MMS turned off, it is possible for a user to accidentally download a malicious message. Therefore, it is extremely important for a user to make sure their phone manufacturer has plans to patch this vulnerability by checking their website. For users on older phones where the manufacturer is no longer providing updates, users should consider upgrading to a newer device.

While Norton Security does not protect against this particular vulnerability from being exploited, it does offer protection for a variety of other threats. Norton Mobile Security’s App Advisor provides proactive protection from malicious apps before you download them. App Advisor scans apps in the Google Play Store looking for features that can invade privacy; display annoying/intrusive behaviors such as pop up ads or excessive battery usage, and unnecessary data usage. It will also detect if an app contains malware or is malicious in nature. Norton Mobile Security is available from the Google Play Store.

*Updated 8/11/2015

Hot on the heels of the “Stagefright bug” discovery, IBM security researchers have uncovered another severe Android flaw that can affect over 55% of Android phones.

The bug affects Android versions 4.3 and up. Once the malware is executed, it replaces a real app with a “super app” which bypasses the permissions on the phone. It can then snoop through your device, steal personal information, and allow remote attackers to take full control of the device.

While Google has already patched this vulnerability, when it comes to phones, the updates are pushed out via the device’s manufacturer. It is advised to check your phone’s manufacturer’s website to see if a patch has been made available.

In the meantime, remember to exercise caution when receiving text messages, MMS messages, and emails with links or downloads from unknown senders.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.