Stagefright is the name of the new security threat for Android smartphones and tablets. It allows the hacker to gain control of an Android device through a malicious MMS. It has been dubbed the worst vulnerability in the history of the Android mobile operating system, which was developed by Google.

According to an analysis conducted by the researchers at Zimperium Mobile Security, around 950 million Android devices all over the world are susceptible to the new security problem. However, it also claims that currently no user has reported about the Stagefright exploit. Zimperium will be discussing more on the new security issue during the Black Hat USA event on Aug. 5 and at DEF CON 23 on Aug. 7.

Through Stagefright exploit, users can remotely take control of an Android device and access photos, cameras, private data and more. The security risk is mainly related to an insecure code in Stagefright.

Phone Arena states that since the time Android Froyo 2.2 was released in 2010, Stagefright has been the multimedia library for the Android OS. Since Stagefright is present in all the subsequent versions of Android, the vulnerability encompasses 95 percent of Android smartphones and tablets.

The Stagefright exploit is carried out by sending a malicious MMS to an Android device. However, the Android OS is unable to detect it as a security issue but only recognizes it as a video file. In Android devices that are running on Android versions older than JellyBean OS, hackers can gain control of the device, even if the MMS is not opened by the user. Moreover, on such devices, hackers will even be able to delete the problematic MMS without the consent of the user.

In order to prevent such a hack attack, users are only required to disable the automatic retrieving feature for MMS.  Here is how users can protect their devices from getting hacked through Stagefright exploit:

  • Launch the Messages app.
  • Navigate to the top right corner and click the three dots (or More button) to access Settings.
  • In Settings, go to Multimedia messages (or Advanced in some devices).
  • Remove the check mark present near Auto-retrieve.