As you may know, a vulnerability of the Android operating system is in the spotlight. It’s called Stagefright and it gets through to the devices as an MMS message, allowing attackers to access the personal information stored in the device and control some components like the camera and microphone. This is a relevant issue as even though those kind of messages have been replaced by those that are sent over the internet with services such as Whatsapp, which also allows you to send multimedia files, the default settings on some of the apps that receive MMS retrieve those messages automatically.
We’ve seen some efforts from Google, OEMs and carriers to patch the software as soon as possible but the German carrier Deutsche Telekom is taking the issue into its own hands and will provide a partial solution to its users. Since MMS is a service offered by the carriers, they will disable this kind of messages to be auto-retrieved on their carrier-locked devices. If a user still gets one of this messages, the carrier will send them an SMS message to let them know about it containing a link to the multimedia file that reads: “You have a new MMS. You can follow this link to download within 3 days (with credentials like number and passcode)”. The carrier is still warning its users that the file might be harmful, so it’s better to wait until the issue has been resolved or to make sure that the sender is trustworthy. Of course, once the software is properly patched, the carrier will continue to deliver MMS like they used to.
Apparently a threat of such magnitude had to happen to raise awareness so that manufacturers and even Google itself take security more seriously. Google and Samsung have committed to updating their phones as much as once a month to be prepared to patch vulnerabilities that are constantly appearing. It’s good to know that at least this carrier is also doing what it can to ensure security among its devices, as updates usually take more time since they involve more partners and is a more complex process overall.