Mitigate Android's Stagefright by disabling MMSes

Posted on Jul 27

Stagefright is a novel attack that allows remote code execution on the vast majority of devices running Android. Whereas the details of the vulnerability will be publicly released on August 5th, the general idea behind the attack (which was released just two hours ago) is to compromize the multimidia library that parses and displays MMS media.

Since the attack looks terribly effective, it is a good idea to mitigate it by disabling MMSes, until a fix is released (provided, of couse, that you don’t use MMSes).

To do that, open the “Settings” menu (here, on Android 5.1, the look of your menu might be different) stagefright

Select “Cellular Networks” stagefright

Select “Access Point Names” stagefright

Select your access point. It should look something like this. stagefright

Now remove “mms” from “APN Type”. stagefright

I’ve also cleared out “MMSC” for good measure (optional) stagefright

Your new settings will take effect after you reboot the phone, or put it in airplane mode for a few seconds.

Note that Android converts group SMSes to MMSes, so you might want to disable that too. To do that, go to the Messaging app, open the Settings menu, and disable Group Messaging and Auto-Retrieve. stagefright

comments powered by Disqus