

How to Protect Your Android Device from StageFright Exploit - shakes
https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html

======
gregorymichael
Author here. If the steps to turn off auto-retrieval of media are different on
your version of Android, could you let me know?

------
shostack
Thanks for this post. How do things change if you use the default Messenger
app vs. Hangouts?

I just updated my Messenger app settings to uncheck these options, but when I
went into Hangouts to check there, "Auto retrieve MMS" was checked, but all of
those boxes were greyed out and it said "SMS disabled - Touch to make Hangouts
your default SMS app".

So the question then is whether that is a sufficient indicator that Hangouts
is not used, and is Hangouts still vulnerable if I am just using the default
Messenger app?

EDIT: Stock Nexus 4 running vanilla Android 5.1.1

~~~
gregorymichael
You'll want to disable auto MMS retrieval in whatever your default SMS/MMS
client is. And thank you for mentioning Messenger -- we just updated the post
to include instructions for it as well.

~~~
shostack
NP. Is there anything to look for in past MMSes that could be indicative of an
attack? Would it always be an unknown user with a video attachment? Or could
they spoof a known user?

Since it has been in the wild for a while, I'm now wondering what I can do to
look for symptoms of an infection.

------
sohkamyung
For my Xiaomi Redmi 1S running MIUI 6, the instructions are:

Go to Settings -> Messaging -> Additional Settings -> Auto-retrieve MMS and
toggle the settings to off.

