July 30, 2015

How to disable auto-fetching of MMS messages on a device’s default SMS app

When an Android device receives a video message via SMS, by default it will automatically download the file. Therefore, disabling auto-fetching prevents an attacker from getting a device to automatically download a malicious video containing Stagefright exploits, which allows the user to delete the message and avoid device exploitation.

To determine your device’s default SMS app, go to Settings > Default applications > Messages.

While these instructions will make it harder for a device to be exploited via MMS, Lookout encourages Android users to exercise caution when viewing videos displayed on untrusted websites or included in messages from unknown senders.

Instructions for disabling auto-fetching of MMS for Hangouts:

First, open Hangouts, then, tap on the menu button in the upper left corner:


Then tap “Settings”:


Then tap “SMS”:


(Note: If SMS is not listed here then a device does not use Hangouts for retrieving SMS/MMS and the user should instead disable auto-fetching of MMS for the relevant application.)

Then scroll down and uncheck “Auto retrieve MMS”:


Instructions for disabling auto-fetching of MMS for Messages:  

First, open Messages, then, tap on the menu button in the upper right corner:


Then tap “Settings”:


Then tap “Multimedia message (MMS)”:


Then uncheck “Auto retrieve”:


Instructions for disabling auto-fetching of MMS for Messaging:

First, open Messaging, then, tap on the menu button in the bottom right corner:


Then tap “Settings”:


Then scroll down and uncheck “Auto-retrieve”


Instructions for disabling auto-fetching of MMS for Messenger:

First, open Messenger, then, tap on the menu button in the upper right corner:


Then tap “Settings”:


Then tap “Advanced”:


Then disable “Auto-retrieve”:


Category:   Hidden  •  Uncategorized
July 28, 2015

What you need to know about the new Android vulnerability, “Stagefright”

Update: We have released a detector app to help you know whether your device is affected. Learn more here.

What is Stagefright?

Yesterday a security researcher revealed a series of high-severity vulnerabilities related to Stagefright, a native Android media player, that affect nearly all Android devices in the world. The Stagefright vulnerabilities carry serious security implications: an attacker could exploit them to remotely control and steal data from a device by sending a victim a multimedia message (MMS) packaged with an exploit.

Category:   Security
July 10, 2015

Jailbreaking not a requirement for infecting iPhones with Hacking Team spyware

This week, the security world exploded with the news that Hacking Team, a vendor of Italian spyware — software that captures Skype, message, location, social media, audio, visual, and more data, and is marketed as “stealth” and “untraceable” — was hacked.

One of the major takeaways is that a significant number of governments in the world, Hacking Team’s customers, are actively seeking to compromise iOS and Android devices, likely to access the trove of data stored on or accessed by these mobile devices.

Category:   Security
July 1, 2015

Japanese malware abuses service helping the disabled use smartphones; spies on victims and steals LINE data

The accessibility service in Android helps give the disabled and individuals with restricted access to their phones alternative ways to interact with their mobile devices. It also has unintentionally opened the door for Japanese surveillanceware to steal data from LINE, the most popular messaging service in Japan.

After discovering this threat, Lookout notified both LINE and Google. None of LINE’s systems were breached. All Lookout users are protected against this threat.

Category:   Alerts  •  Security