**** PLEASE DISTRIBUTE WIDELY ****
A vulnerability has been discovered in
the Android operating system that allows an attacker to access
data stored on your device or remotely install software by
just having your mobile phone
number. This vulnerability is being referred to as “StageFright”.
All Android based phones after and including versions 2.2 are
vulnerable.
An attacker can use your mobile
number to remotely execute code using a media file delivered via
text message such as a picture or video message. You are
especially
vulnerable if you have your device
configured to auto-download media in your messaging apps.
You can take the following actions
in this regard:
To turn off auto-downloading of MMS
messages..
OPEN SMS app - tap MENU >
SETTINGS > Multimedia messages > Auto retrieve, REMOVE check
mark. You will now be prompted to download an image when
receiving an MMS message.
To block messaging from unknown
contacts...
OPEN SMS app - tap MENU >
SETTINGS > SPAM FILTER, Turn ON > Select "Block unknown
senders"
It is also recommended that you
contact your device manufacturer and cellular data provider to
identify if and when a patch may be available for your individual
device and operating system.
For further information please see:
http://www.cbc.ca/news/business/stagefright-bug-makes-nearly-1-billion-android-phones-vulnerable-zimperium-says-1.3171108
http://staff.computing.yorku.ca/support-services/your-york-computer/protecting-your-computing-devices/stagefright-bug-affecting-android-devices/
--
Please direct any questions or concerns to UIT Client Services -
email: [log in to unmask] or visit http://ithelp.yorku.ca
UIT Announce