July 30, 2015

How to disable auto-fetching of MMS messages on a device’s default SMS app

When an Android device receives a video message via SMS, by default it will automatically download the file. Therefore, disabling auto-fetching prevents an attacker from getting a device to automatically download a malicious video containing Stagefright exploits, which allows the user to delete the message and avoid device exploitation.

To determine your device’s default SMS app, go to Settings > Default applications > Messages.

While these instructions will make it harder for a device to be exploited via MMS, Lookout encourages Android users to exercise caution when viewing videos displayed on untrusted websites or included in messages from unknown senders.

Instructions for disabling auto-fetching of MMS for Hangouts:

First, open Hangouts, then, tap on the menu button in the upper left corner:

SF1

Then tap “Settings”:

SF2

Then tap “SMS”:

SF3

(Note: If SMS is not listed here then a device does not use Hangouts for retrieving SMS/MMS and the user should instead disable auto-fetching of MMS for the relevant application.)

Then scroll down and uncheck “Auto retrieve MMS”:

SF4

Instructions for disabling auto-fetching of MMS for Messages:  

First, open Messages, then, tap on the menu button in the upper right corner:

SF5

Then tap “Settings”:

SF6

Then tap “Multimedia message (MMS)”:

SF7

Then uncheck “Auto retrieve”:

SF8

Instructions for disabling auto-fetching of MMS for Messaging:

First, open Messaging, then, tap on the menu button in the bottom right corner:

SF9

Then tap “Settings”:

SF10

Then scroll down and uncheck “Auto-retrieve”

SF11

Instructions for disabling auto-fetching of MMS for Messenger:

First, open Messenger, then, tap on the menu button in the upper right corner:

SF12

Then tap “Settings”:

SF13

Then tap “Advanced”:

SF14

Then disable “Auto-retrieve”:

SF15

Category:   Hidden  •  Uncategorized
July 28, 2015

What you need to know about the new Android vulnerability, “Stagefright”

Update: We have released a detector app to help you know whether your device is affected. Learn more here.

What is Stagefright?

Yesterday a security researcher revealed a series of high-severity vulnerabilities related to Stagefright, a native Android media player, that affect nearly all Android devices in the world. The Stagefright vulnerabilities carry serious security implications: an attacker could exploit them to remotely control and steal data from a device by sending a victim a multimedia message (MMS) packaged with an exploit.

Category:   Security
July 10, 2015

Jailbreaking not a requirement for infecting iPhones with Hacking Team spyware

This week, the security world exploded with the news that Hacking Team, a vendor of Italian spyware — software that captures Skype, message, location, social media, audio, visual, and more data, and is marketed as “stealth” and “untraceable” — was hacked.

One of the major takeaways is that a significant number of governments in the world, Hacking Team’s customers, are actively seeking to compromise iOS and Android devices, likely to access the trove of data stored on or accessed by these mobile devices.

Category:   Security
July 1, 2015

Japanese malware abuses service helping the disabled use smartphones; spies on victims and steals LINE data

The accessibility service in Android helps give the disabled and individuals with restricted access to their phones alternative ways to interact with their mobile devices. It also has unintentionally opened the door for Japanese surveillanceware to steal data from LINE, the most popular messaging service in Japan.

After discovering this threat, Lookout notified both LINE and Google. None of LINE’s systems were breached. All Lookout users are protected against this threat.

Category:   Alerts  •  Security